dcmathis

asked on

Windows 10 laptop trying to connect to network resources with VPN credentials, not AD credentials

We're running a WatchGuard XTM-515 (running XTM v.11.11.2.B508770), PPTP VPN connections going into a Windows 2008 AD network.  I've got one user with this problem on a regular basis.  Here's the scenario.  Let's say we have a user named "Bob Smith."  Bob's domain username is bob_s.  Bob's VPN username is bsmith.  When connecting to the network via VPN (PPTP) the connection links up correctly.  However, when trying to access mapped network drives, the computer tries to use the VPN username (domain.com\bsmith) instead of the domain username (domain.com\bob_s), with domain.com added to the front (shouldn't be there.  Isn't part of the VPN login credentials at all).  When authentication fails, Bob has to select "use different credentials" and manually specify "domain.com\bob_s."  It doesn't seem to matter whether he checks the box to remember the credentials or not.  This happens both when he connects to the network via the VPN and the first time he logs on after returning to the office and plugging back into the network.  After that, things seem to work okay until Bob takes his laptop out again.  The next time he leaves the office, it happens all over again.  This does not seem to happen to anyone else.  "Bob" isn't a tinkerer, and has nothing installed on his laptop other than the standard applications that all other users have.  Not that it matters, but his laptop is a Lenovo T560, running Windows 10 Pro.

Any thoughts would be greatly appreciated.
ASKER CERTIFIED SOLUTION
Adam Brown
dcmathis

ASKER

Thanks gentlemen.  I'll look at the cred. manager this morning and report back.

Adam:  Believe me, I'm well aware of the security problems with PPTP connections.  We're in the process of upgrading security and getting things buttoned down better.  As far as configuring the WatchGuard to use AD, do we need RADIUS running for that?

What I would suggest you do is to integrate your AD with your XTM device. This would then allow Bob to make use of his domain account for both the VPN connections and the mapped drives which he is allowed to access. You can make use of LDAP, AD, RADIUS, SecurID. In your case I would suggest you use AD as your authentication. You can create a new group within your AD. The name for the group should be "VPN-Users", for instance. Then you will need to make Bob a part of that group and also specify that group within your XTM device. NB - The name you specify for a group in your AD has to be exactly the same in your firewall. If you require assistance with setting up your AD authentication and you are unsure, you can get in touch here. Good luck!
Well, I had thought this issue resolved, but it just raised its ugly head again on another user's laptop.  I still believe that this solution is the best for my current environment, but will continue to look for alternatives.

Thanks guys for the help.  Sorry to have been so long in answering back.