
1720 IOS VPN with IAS Radius server 1


geebs

Technical User
Jun 25, 2003
3
AU
Hi all,

I have a strange problem, I got our VPN working so users can connect and authenticate with an IAS server and AD.

Works well, basically our laptop users take their laptops home, connect to the Internet, then fire up the Cisco client, it prompts them for their AD user/pass and bang they're in, they can open Outlook, map network drives, all works well.

One problem though is with users wanting to connect using their home PCs.
It seems that if they don't have a machine that's been on our work network, part of our domain, they can still connect, but not map drives.
They can actually map drives, but they get an access denied error ...

I don't understand where this is coming from, once they authenticate with the Radius server using their AD user/pass, they should have access to everything they normally have on the LAN.

Does anyone know what could be causing this?

Have I missed something?
 
The problem is that the workstation is not part of the domain.

Although the users have connected using RADIUS they have only authenticated with the Cisco, not the domain.

You need to establish an IPC connection to each server before the user can successfully map any drives. You can do this from a command prompt like this:

NET USE \\SERVER\IPC$ /USER:DOMAIN\USERNAME PASSWORD

If you have lots of servers you could look at a script that would make the connection. Something like this would ask the user for a username and password once and establish the IPC connection:

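; Servers to connect to, and the domain the accounts live in
$ServerList='SERVER1','SERVER2','SERVER3'
$Domain='DOMAIN'

CLS
'Please enter your username for $Domain:'
GETS $Username
; Note: GETS echoes what is typed, so the password is visible on screen
'Please enter your password for $Domain:'
GETS $Password

FOR EACH $Server in $ServerList
    'Connecting to $Server - '
    ; $$ is a literal dollar sign; the user is qualified with the domain, as in the NET USE line above
    SHELL 'NET USE \\$Server\IPC$$ /USER:$Domain\$Username "$Password"'
    IF @ERROR<>0
        COLOR r+/n
        'FAILED'
        COLOR n/n
    ELSE
        COLOR g+/n
        'OK'
        COLOR n/n
    ENDIF
    ?
NEXT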

This script is written using KIX. You can run it using kix32 Script.KIX. You can find kix32 at
Note that this script is something that I just knocked up in a couple of minutes - it may need some debugging. Let me know and I will post any corrections here.

HTH,
Michael.
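
The same per-server IPC$ logon as the post above, as an added PowerShell example that is not part of the original thread. It masks the password prompt and keeps the password off a NET USE command line; SERVER1 to SERVER3 and DOMAIN are the thread's placeholders, and New-SmbMapping needs Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the thread. Server and domain names are the
# thread's placeholders; replace them with real values.
$ServerList = 'SERVER1', 'SERVER2', 'SERVER3'
$Domain     = 'DOMAIN'

# Get-Credential masks the password as it is typed.
$cred = Get-Credential -Message "Enter your $Domain credentials"
if (-not $cred) { return }   # prompt was cancelled

# Qualify a bare user name with the domain, as in NET USE /USER:DOMAIN\USERNAME.
$user = $cred.UserName
if ($user -notmatch '[\\@]') { $user = "$Domain\$user" }

$plain = $cred.GetNetworkCredential().Password
try {
    foreach ($server in $ServerList) {
        $remote = "\\$server\IPC`$"
        Write-Host -NoNewline "Connecting to $server - "
        try {
            # No -LocalPath: a deviceless session, like NET USE \\SERVER\IPC$.
            # The password is passed in-process, not on a child process command line.
            New-SmbMapping -RemotePath $remote -UserName $user -Password $plain -ErrorAction Stop | Out-Null
            Write-Host 'OK' -ForegroundColor Green
        }
        catch {
            Write-Host "FAILED ($($_.Exception.Message))" -ForegroundColor Red
        }
    }
}
finally {
    # Drop the references to the clear-text password once the loop is done.
    $plain = $null
    $cred  = $null
}
```

Get-SmbMapping lists the sessions this creates, and Remove-SmbMapping closes them when the VPN session ends.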
 
I thought this may have been the case.

Thanks for your script Frenchie, I will give it a shot today! :)
 