site-to-site vpn

Guest

I have a question about authenticating over a site-to-site VPN. I have 2 networks, one with an SBS2k3 server and a domain. I want to set up a small network at a remote location. The clients at this location should authenticate to the SBS server and be granted the specific rights and so forth, as well as receive DHCP and DNS information from the SBS server. I am planning on setting up a hardware VPN connection between the 2 locations (2 SonicWall security devices). What traffic, if any, will I need to try to forward across the VPN link? The SonicWall has a setup to pass DHCP requests from one side to the other, but I think I still need DNS and to forward traffic on whatever port the logon requests happen. Some advice here would be greatly appreciated. Thanks.
 
Phillip Windell

DNS is not "forwarded" because it is not "broadcasted". DHCP needs the
"helper" because it is broadcast based and doesn't cross routers.

Using your VPN is no different than running two subnets on the LAN with a
normal LAN router between them (only it is much slower).


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


B. Hoskinson said:
I have a question about authenticating over a site-to-site VPN. I have 2
networks, one with an SBS2k3 server and a domain. I want to set up a small
network at a remote location. The clients at this location should
authenticate to the SBS server and be granted the specific rights and
so forth, as well as receive DHCP and DNS information from the SBS server. I
am planning on setting up a hardware VPN connection between the 2 locations
(2 SonicWall security devices). What traffic, if any, will I need to try to
forward across the VPN link? The SonicWall has a setup to pass DHCP
requests from one side to the other, but I think I still need DNS and to
forward traffic on whatever port the logon requests happen. Some advice
here would be greatly appreciated. Thanks.
 
Phillip Windell

Authenticate the machine?,..or the user?,..it isn't quite the same thing.

Typically with VPN the machine is never "logged into" the domain. The VPN
credentials only "create" the connection, they do not provide any additional
authentication, they just simply create the link. The user normally gets a
login prompt every time they access resources on a particular destination and
they have to give the right credentials (often with prefixing the username
with the domain name). So the user "authenticates" to receive the resource
but is never really "logged into" anything.

If the machine is already a Domain Member then the machine can be logged
into the Domain with the checkbox that says "Log on using Dialup Connection"
that is seen at the Ctrl-Alt-Del prompt. When that is selected, you will be
allowed to choose the dialup connection to use,..pick the VPN connection and
the machine will use that during the initial logon process so that the
machine is actually logged into the Domain. Then it will behave more similar
to being on the normal LAN.

You need the machine to have a good WINS server as well as DNS (and DHCP if
using it). Make sure that the VPN Connectoid settings include a proper WINS
Server along with a proper DNS Server. If you use DHCP make sure that it
receives those settings properly.

Keep in mind that VPN is a slow "low-performance" link. Do not expect
perfection, do not expect perfect LAN-like behavior. Do not expect Network
Neighborhood to behave normally and dependably,...consider yourself lucky if
it works at all. VPN will always be somewhat "clunky".


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


B. Hoskinson said:
So my next question: once I 'help' DHCP across the router, what needs to be
done, if anything, to authenticate my client machine with the server on the
other side of the VPN connection?
Phillip Windell said:
DNS is not "forwarded" because it is not "broadcasted". DHCP needs the
"helper" because it is broadcast based and doesn't cross routers.

Using your VPN is no different than running two subnets on the LAN with a
normal LAN router between them (only it is much slower).


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


B. Hoskinson said:
I have a question about authenticating over a site-to-site VPN. I have 2
networks, one with an SBS2k3 server and a domain. I want to set up a small
network at a remote location. The clients at this location should
authenticate to the SBS server and be granted the specific rights and
so forth, as well as receive DHCP and DNS information from the SBS server. I
am planning on setting up a hardware VPN connection between the 2 locations
(2 SonicWall security devices). What traffic, if any, will I need to try to
forward across the VPN link? The SonicWall has a setup to pass DHCP
requests from one side to the other, but I think I still need DNS and to
forward traffic on whatever port the logon requests happen. Some advice
here would be greatly appreciated. Thanks.
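
The DHCP "helper" (relay) behaviour mentioned in the replies, shown as an added example that is not from any poster in this thread: it builds a client's broadcast DHCPDISCOVER and applies the relay-agent rewrite (fill in `giaddr`, bump `hops`, unicast to the server). The addresses, MAC and function names are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie
BROADCAST_FLAG = 0x8000
ZERO = bytes(4)

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER, as a client with no address broadcasts it."""
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, BROADCAST_FLAG,
                      ZERO, ZERO, ZERO, ZERO, mac, b"", b"")
    # option 53 (message type) = 1 (DISCOVER), then 255 (end)
    return hdr + MAGIC + bytes([53, 1, 1, 255])

def relay(packet: bytes, relay_ip: str, server_ip: str, max_hops: int = 4):
    """Relay-agent handling of a client request (RFC 1542 behaviour).

    Returns ((server_ip, 67), rewritten_packet), or None if dropped.
    """
    f = list(struct.unpack(BOOTP_FMT, packet[:236]))
    op, hops, giaddr = f[0], f[3], f[10]
    if op != 1:            # only BOOTREQUEST travels towards the server
        return None
    if hops > max_hops:    # hop limit guards against relay loops
        return None
    f[3] = hops + 1
    if giaddr == ZERO:
        # First relay stamps its own address on the client's subnet. The
        # server picks the scope from giaddr and replies to it, so the
        # DHCP server needs a scope covering the remote subnet.
        f[10] = ipaddress.IPv4Address(relay_ip).packed
    return (server_ip, 67), struct.pack(BOOTP_FMT, *f) + packet[236:]

def giaddr_of(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(struct.unpack(BOOTP_FMT, packet[:236])[10]))

def demo():
    # Constructed values: remote-site gateway 192.168.20.1, DHCP server 192.168.10.2
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
    dest, relayed = relay(discover, "192.168.20.1", "192.168.10.2")
    return dest, giaddr_of(discover), giaddr_of(relayed), relayed[3]

if __name__ == "__main__":
    print(demo())
```

DNS queries need no such rewrite because the client already sends them as unicast to the configured server address, so they are routed across the tunnel like any other traffic.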
 
