This is one that's been driving me crazy for some time (since SP2 days) and
now it's become a real show stopper.
Windows 2000 Server, SP4 and all updates. RRAS is setup and working
wonderfully. No group policies.
Several users doing VPN and also a couple of office-to-office persistant
connections, all humming along nicely. OK to the point:
We control access with a group called "VPN_users" - a Global Security group
in the "Users" container. Members of this group have VPN permission.
I create a new container (same level as the default "Users" container), call
it "OtherUsers"
I take a user who using VPN every day just fine and *is in the default
"Users" container* and just move him to this new container. Bang! he cannot
log in via VPN anymore. Move him back and he's doing fine.
Under the Dial-up tab I've tried both our normal "Control access through
Remote Access policy" and "Allow Access" - no change.
So - there is my problem: Only users who have their account in the default
"Users" container can login via VPN, move that user to another container and
he can't log in anymore: "Windows was unable to connect to the network using
the username and password you provided." The dialog box provides username,
password and domain fields. I've tried filling them in with every possible
variation (domain\user, user, user@domain, you name it). Nothing. Put that
user back to the Users container and he logs in fine.
On some other servers I'm running this works fine, I can put users anywhere
and they login just fine - but not this box. Can anyone please tell me where
to look?
THANKS!!
Alex
|
Similar Threads
