Channel: Network Access Protection forum

Windows Server Standard 2008 R2, with two Windows Storage Servers 2003: How can I add MAC authentication on top of Active Directory authentication for one of the Storage Servers?


I have two Storage Servers running Windows Storage Server 2003 in a Windows Server Standard 2008 R2 domain. On top of Active Directory authentication, I want to add MAC address authentication for access to just one of the Storage Servers. In this scenario, an authenticated user cannot log into the target Storage Server unless the user is also on one of the accepted MAC address computers. All domain users will have access to the other Storage Server's files and folders as set up in Active Directory. I've already set up user access by permissions to the folders on the target Storage Server; however, I want to further restrict access to specific computers as well. For what it's worth, the server hardware is an HP ProLiant DL360 G5 for the Server Standard 2008 R2 and HP ProLiant DL185 G5 for the two Storage Server 2003 computers. I do NOT want to have MAC address authentication as the primary means of access control to the network, only to the one Storage Server as an addition to the Active Directory control.

NPS Reason Code: 266


Hi,

I have an issue with RADIUS server that is running on Windows server 2008. 

My installation contains:

Active Directory

Network Policy and Access Services/Certificate Services

Ruckus ZoneDirector 1100

The issue is the following. Android and Mac devices can successfully be authenticated by entering the username and password of an account that exists in AD. But when I try to connect from any Windows workstation/device with the same user account, authentication fails. I am using PEAP and MS-CHAPv2.

In the logs of the RADIUS server I get the following message:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/17/2013 2:43:35 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      sd4.sd3.example.com
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: DOMAIN\user
Account Name: user
Account Domain:DOMAIN
Fully Qualified Account Name:DOMAIN\user

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name:-
OS-Version: -
Called Station Identifier:54-45-37-59-6F-18:SSID
Calling Station Identifier:90-A4-FE-F5-5C-15

NAS:
NAS IPv4 Address:192.168.0.12
NAS IPv6 Address:-
NAS Identifier:54-45-37-59-6F-18
NAS Port-Type:Wireless - IEEE 802.11
NAS Port: 62

RADIUS Client:
Client Friendly Name:Wi-Fi 
Client IP Address:192.168.0.12

Authentication Details:
Connection Request Policy Name:Secure Wireless Connections
Network Policy Name:Secure Wireless Connections
Authentication Provider:Windows
Authentication Server:sd4.sd3.example.com
Authentication Type:PEAP
EAP Type: -
Account Session Identifier:-
Logging Results:Accounting information was written to the local log file.
Reason Code: 266
Reason: The message received was unexpected or badly formatted.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>6273</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12552</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-17T08:43:35.748681600Z" />
    <EventRecordID>1855988030</EventRecordID>
    <Correlation />
    <Execution ProcessID="588" ThreadID="1364" />
    <Channel>Security</Channel>
    <Computer>KyrBisDC01.kumtor.centerra.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-3308725698-569140402-2839366257-9261</Data>
    <Data Name="SubjectUserName">user</Data>
    <Data Name="SubjectDomainName">DOMAIN</Data>
    <Data Name="FullyQualifiedSubjectUserName">DOMAIN\user</Data>
    <Data Name="SubjectMachineSID">S-1-0-0</Data>
    <Data Name="SubjectMachineName">-</Data>
    <Data Name="FullyQualifiedSubjectMachineName">-</Data>
    <Data Name="MachineInventory">-</Data>
    <Data Name="CalledStationID">54-3D-37-59-6F-18:SSID</Data>
    <Data Name="CallingStationID">90-A4-DE-F5-5C-15</Data>
    <Data Name="NASIPv4Address">192.168.0.12</Data>
    <Data Name="NASIPv6Address">-</Data>
    <Data Name="NASIdentifier">54-3D-37-59-6F-18</Data>
    <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
    <Data Name="NASPort">62</Data>
    <Data Name="ClientName">Wi-Fi</Data>
    <Data Name="ClientIPAddress">192.168.0.12</Data>
    <Data Name="ProxyPolicyName">Secure Wireless Connections</Data>
    <Data Name="NetworkPolicyName">Secure Wireless Connections</Data>
    <Data Name="AuthenticationProvider">Windows</Data>
    <Data Name="AuthenticationServer">sd4.sd3.example.com</Data>
    <Data Name="AuthenticationType">PEAP</Data>
    <Data Name="EAPType">-</Data>
    <Data Name="AccountSessionIdentifier">-</Data>
    <Data Name="ReasonCode">266</Data>
    <Data Name="Reason">The message received was unexpected or badly formatted.</Data>
    <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
  </EventData>
</Event>

The Windows Server 2008 that performs the NPS role has the latest updates.

Please, someone give me some advice.
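As an added example (not from the post or from Microsoft), a small triage script for NPS audit-failure records like the 6273 event quoted above: it flattens the Event XML, maps the reason code to the kind of misconfiguration to check first, and flags a (MAC, account) pair that keeps being denied. The reason-code table is limited to codes quoted in this thread plus a few common ones; the sample records are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}
NPS_ACCESS_DENIED = 6273  # audit-failure event NPS raises for every rejected request

# Reason codes quoted in this thread (22, 266) plus a few common ones from the NPS
# documentation, grouped by the first thing a defender should check.
REASON_CLASS = {
    16: ("credentials", "user credentials mismatch"),
    22: ("eap-config", "EAP type cannot be processed by the server"),
    48: ("policy", "request matched no network policy"),
    66: ("policy", "authentication method not enabled in the matched policy"),
    265: ("cert-trust", "certificate chain not trusted"),
    266: ("eap-config", "message unexpected or badly formatted"),
}


def parse_nps_event(xml_text):
    """Flatten a Windows Event XML record into a dict of its EventData fields."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "").strip()
              for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    return fields


def classify(event):
    """Return (class, description) for a 6273 record, or None for other events."""
    if event["EventID"] != NPS_ACCESS_DENIED:
        return None
    code = int(event.get("ReasonCode") or 0)
    return REASON_CLASS.get(code, ("unknown", event.get("Reason", "")))


def triage(xml_records, repeat_threshold=3):
    """Tally denials by class and flag (MAC, account) pairs that keep failing.
    Repeated eap-config denials from one MAC usually mean a misconfigured
    supplicant; repeated credential denials from one MAC deserve a ticket."""
    per_client, by_class = Counter(), Counter()
    for record in xml_records:
        event = parse_nps_event(record)
        cls = classify(event)
        if cls is None:
            continue
        per_client[(event.get("CallingStationID"), event.get("SubjectUserName"))] += 1
        by_class[cls[0]] += 1
    flagged = {key: n for key, n in per_client.items() if n >= repeat_threshold}
    return {"by_class": dict(by_class), "flagged": flagged}


def make_event(event_id, data):
    """Build a constructed record in the same shape as the XML quoted above."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVENT_NS}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{body}</EventData></Event>')


# Constructed sample: three PEAP denials for one account from the MAC in the post.
SAMPLE = [make_event(NPS_ACCESS_DENIED, {
    "SubjectUserName": "user", "CallingStationID": "90-A4-DE-F5-5C-15",
    "AuthenticationType": "PEAP", "ReasonCode": "266",
    "Reason": "The message received was unexpected or badly formatted."})] * 3

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a live server the records come from the Security log (for example exported with `wevtutil qe Security /q:"*[System[EventID=6273]]"`); the script only needs the XML text of each event.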

Distinguish users in NPS by Extended Key Usage OIDs for wireless authentication


I need to distinguish my WiFi users by using custom Extended Key Usage OIDs to put them in different wireless networks. For that, I have configured my NPS as described in http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/a0bfc02e-4176-4add-9691-e4d118275511, but it's not working as expected. Authentication is successful depending on the order of the certificates in the user certificate store on the client.

For example:
Policy 1: allowed-certificate-OID --> corporate
Policy 2: allowed-certificate-OID --> private

Client authenticates with EKU corporate --> success
Client authenticates with EKU private --> reject

My expectation was, that if Policy 1 will not match the NPS goes over to Policy 2 and tries to authenticate the client.

Any ideas on this?

regards
fkessler

Guest Wi-fi internet access

Hi All,

I’m hoping you can shed some light for me and point me in the right direction. I work in IT but this technology is new to me.

We’re currently setting out a conference room facility at our hotel and want to be able to provide guest access via Wi-Fi to the internet. I’ve read a lot of information about captive portals etc. to provide billing, but we do not want to charge for internet services as it’ll be included in the conference room costs, and we would prefer to keep everything Microsoft. I’ve read that we’ll probably need a RADIUS server to provide AAA authentication via Windows Server 2008 NPS. What we want to achieve is that when a user goes to an internet page they’ll be redirected to our IIS server’s webpage to confirm they accept our terms & conditions. Once they have confirmed this, Internet access will be granted.
Am I correct that this can be achieved with NPS, or am I barking up the wrong tree?
Many Thanks for your help.

Eljay 

using RADIUS with Wireless


I already configured the RADIUS server with AD DS, DNS, DHCP and CA. When I connect to the wireless network (TP-Link) it does not work.

I also installed the certificate, added a new RADIUS client, and configured the access point for WPA2-Enterprise.

When I use the troubleshooting tool it shows this error message:

- Windows can't connect to the hidden network "Testing"

- Problem with Wireless adapter or access point

What should I do next?

Configure RADIUS server step by step


I want to configure a RADIUS server on Server 2008 to work with an HP wireless controller.

The machines are not members of the domain.

I want users to authenticate with only their "domain user" and "password".

My goal is that when domain users try to connect to my wireless network via devices that are not members of the domain, the computer asks them to enter their "domain user" and "password".

I want to reduce any settings on the client computer as much as possible.


DHCP Enforcement assign address fails


We are testing DHCP NAP in the lab.

We set WSHV just to check if the Windows Firewall is turned on.

We also created a DHCP policy to configure non-compliant clients to get a specified DNS name (option 015) and DNS server option.

The parameters of policy are as below:

Conditions: User Class

Operator: Equals

Value: Default Network Access Protection Class

Everything is OK, so the client will get the DNS name and DNS server option which we specified in the policy if the Windows Firewall is turned off.

But as soon as we add an IP range to the policy, non-compliant clients can get neither an IP nor DHCP options from the DHCP server.

The client will configure itself to use APIPA.

We got Event 50015 "Nack is received on interface %interface_indexnumber%" in the client event log.

What's the cause?



Windows 802.1x clients fail when Cisco Switch port is in MAB only mode.


My company has a few different sites in North America. At my site I have implemented 802.1x port security with AD, and MAB as a fallback to support Linux clients. This works perfectly at our site; however, other sites don't use that configuration.

My issue is that the other sites are running dot1x with MAB as the only option. This is a Cisco house with Cisco switches and Cisco ACS as the RADIUS server. When my 802.1x Windows clients go to the other sites, they will not authenticate until we turn off 802.1x on the Windows client. I am trying to see if there is a way to force Windows to send its MAC if it does not see EAPOL requests. I have looked everywhere and cannot find a solution.

Thanks in advance.


Windows Firewall Problem


Hi!

Here is my situation:
My servers have two network adapters: one for the private network and one for the internet.
I recently joined them to a local domain and now both adapters are in the domain network.
If a port is opened for the domain, it is also opened for the internet! MADNESS!

I joined the servers to the domain by configuring the local DNS server only on the private network adapters, using its private IP
(the network is 192.168.*.*).

Why is this happening? How can I exclude the internet adapters from the domain network, so public rules will apply to them when using Windows Firewall? If I block LDAP and Kerberos for the registered IPs, so no AD traffic passes on these adapters, will that solve my problem?

Please I need help ASAP



CA Servers issues

I have a 2003 CA server set up as a Root CA in my domain. I have added a 2008 R2 Enterprise server to the domain as an Enterprise Subordinate CA and added NPS to it. I am trying to get my new Aerohive APs to authenticate through RADIUS using the 2008 server, but I keep getting a "certificate chain not trusted" error. I see the certificate in the trusted root certificates on the clients, but they keep saying it is untrusted. Any thoughts?

Issues with WPA2 Enterprise authentication and NPS


Hello,

For the past couple of days I’ve been trying to get a new NPS/RADIUS configuration set up for use with a Netgear WNDR3700 wireless router. This is my first attempt at setting up such a configuration, so there may be some obvious items I may have missed.

I started with setting up the NPS server (Server 2008 R2 Ent) on a VM and registering it with AD; I didn’t add the network policies to NPS as I didn’t have the router configured yet. The next thing was the router and WAP set up. I configured the Netgear to use WPA2 Enterprise authentication through RADIUS and pointed it to the new NPS server. I also configured the friendly name and IP addressing. Then on the NPS server, I configured the RADIUS client, Network Policy and Connection Request Policy for the appropriate friendly name.

For the network policy, I have set access permissions to grant access and ignore user account dial-in properties. Under conditions, I have only allowed the Wireless group in my AD, which includes myself as a user. For constraints I have MS Protected EAP added to EAP types; I have also checked MSCHAPv2 and MS-CHAP as well as Unencrypted Authentication.

The next step was setting up the CA. Because the NPS role isn’t installed on the PDC, I needed to set this up as a subordinate CA. I added the subordinate CA role, created the necessary certificate templates for Users, Computers and IAS and RAS Server, and issued them out. I then configured the GPO settings for autoenroll and ran a gpupdate on the server. The certificates were issued and now it was time for testing.

When attempting to connect to the WAP, I am unable to authenticate. I’m getting an error code 22 in the NPS server event log stating: “The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.” After doing some research, most answers point to certificate problems. The server has been issued the IAS and RAS certificate, and my user name and laptop have also received the proper certificate. I have tested authentication through the firewall and it authenticates with no problem with its client set up, but it also doesn’t require certificates.

At this point, I'm trying to determine where I may have gone wrong with certificates, but I'd really appreciate any help I can get!  




VPN on Server 2008

I have a 2008 R2 Std server with AD, DNS, DHCP, and the VPN. I manage to connect to the VPN from anywhere, but I can only access the shared resources on the VPN server itself, and very slowly; if I want to access another server or any other machine, it cannot find it. If I ping it, either by its computer name or IP, it does respond; I just cannot access them.

I got "System error 1231 has occurred." while trying to map another computer in my network

I have a problem with a network share on my Windows Server 2008 machine.

Ping is OK; net use or net view is not. See below:

C:\Users\tsi>net view \\storage01
System error 1231 has occurred.

The network location cannot be reached. For information about network troubleshoting, see Windows Help.


C:\Users\tsi>ping storage01

Pinging storage01.powelasa.powel.com [2002:c1d7:4a5b::c1d7:4a5b] from 2002:c1d7:4a30::c1d7:4a30 with 32 bytes of data:
Reply from 2002:c1d7:4a5b::c1d7:4a5b: time<1ms
Reply from 2002:c1d7:4a5b::c1d7:4a5b: time<1ms
Reply from 2002:c1d7:4a5b::c1d7:4a5b: time<1ms
Reply from 2002:c1d7:4a5b::c1d7:4a5b: time<1ms

Ping statistics for 2002:c1d7:4a5b::c1d7:4a5b:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


'WebClient' in my machine is also started and its startup type is also set as Automatic.
Can anyone help me to solve this issue?


Thanks,
Velu

Implementing DirectAccess (Can't Connect - Never Have) - Server 2012 with Windows 8 client


I have been trying to implement DirectAccess and have been unable to do so.  

Server- 2012 domain joined with no NAT behind Cisco ASA firewall

LAN nic - no gateway - static routes - has DNS servers configured

DMZ nic - has gateway, no DNS servers

On the Windows 8 client I see the DA connection but it always sits at connecting. It has never made a connection.

I have opened up the Cisco firewall (to test only, and shut it back down) to allow all traffic to the DA server. During that time I tried to ping the DA host name and was successful, and then tried to connect. The only thing I saw in the logs was an allow for ICMP from an IPv6 address and then from my external home IP address. I then saw an allow on a single TCP connection from my external home IP address to the DMZ IP address on 443. Then there were several more ICMP connections to the server from the same IPv6 address as before.

I read that the Windows Firewall must be enabled on the server, so I uninstalled Symantec Endpoint Protection and enabled the Windows Firewall. I did the same with the Windows 8 laptop. I am still unable to make this connection.

Where do I start to troubleshoot this? Even with the Cisco wide open to the server it does not connect, so I am pretty sure that is not the issue unless it is coming back into the network, but I would imagine that there are logs I can look at to determine that.

Thanks for any help you can lend.  I have been tinkering with this on and off for months trying to get it implemented but keep coming up empty handed. 





NPS authentication for smartphones using calling-station-ID parameter AND AD group membership

Hello everybody,

In our organisation we currently have a WLAN ESSID for smartphones. Those smartphones are authenticated at the moment by a RADIUS server (Windows 2008, NPS role) where authentication occurs as follows:

- A new network policy for every new smartphone that is allowed
- The network policy conditions for a smartphone are:
  1. Calling-station-ID (MAC address of the allowed smartphone)
  2. Called-station-ID (ESSID or WLAN name)
  3. Windows group membership of the smartphone owners

This leads to an annoying situation where you have a network policy entry in NPS for each and every smartphone.

I was wondering if there is any other way or method that could be used to get only one network policy for all smartphones.
The Windows group for smartphone owners has members that are allowed to use the smartphone Wi-Fi. But they can have multiple devices, so each device that is owned by one person should be authenticated.

Since the Called-station-ID and the Windows group membership are static and remain the same for the RADIUS conditions, is there a way to get the Calling-station-ID also static? Meaning, is it possible, for example, to authenticate the Calling-station-ID against an AD group? Then we would have 3 static conditions and no need anymore to create a specific network policy for each and every smartphone.

The authentication method currently used is PEAP with EAP type EAP-MSCHAPv2.
The NAC device is a Motorola RFS6000 WLAN controller switch.

Thank you.
M S

Security issue that I have tried everything to stop. Can anyone please help?


I am running Windows 8 and I have my remote access turned off. I have also made sure that all access to any Bluetooth capability is turned off as well. But every time I look in my security log I still see the same events logged. I have changed my password several times, I am running McAfee in stealth mode and have made sure my firewalls pretty much don't let me type without notifying me. I have taken great precautions when it comes to my Internet as well. I have had to reset my laptop to its factory settings for the third time now because whoever this is thinks it's funny to impersonate me somehow remotely and change my user rights to my own files. I am attending online college and this is causing me great problems. I have even found that they are now deleting important emails from my online college inbox, then from the deleted inbox. The following is just one of the examples of a log entry that I have. If you have any suggestions, please feel free to let me know. I will accept any help!

Event Viewer Information:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          5/26/2013 7:44:46 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Again
Description:
An account was successfully logged on.

General Tab:

Subject:
 Security ID:  SYSTEM
 Account Name:  AGAIN$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x30c
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

Details Tab: (Friendly view)

Event Xml:
<Event xmlns= <"schemas.microsoft.com win 2004 08 events event"> (this is actually a link but I had to alter it so Microsoft would let me post it)
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4624</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-26T12:44:46.955387200Z" />
    <EventRecordID>10840</EventRecordID>
    <Correlation />
    <Execution ProcessID="788" ThreadID="4656" />
    <Channel>Security</Channel>
    <Computer>Again</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">AGAIN$</Data>
    <Data Name="SubjectDomainName">WORKGROUP</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="TargetUserSid">S-1-5-18</Data>
    <Data Name="TargetUserName">SYSTEM</Data>
    <Data Name="TargetDomainName">NT AUTHORITY</Data>
    <Data Name="TargetLogonId">0x3e7</Data>
    <Data Name="LogonType">5</Data>
    <Data Name="LogonProcessName">Advapi  </Data>
    <Data Name="AuthenticationPackageName">Negotiate</Data>
    <Data Name="WorkstationName">
    </Data>
    <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x30c</Data>
    <Data Name="ProcessName">C:\Windows\System32\services.exe</Data>
    <Data Name="IpAddress">-</Data>
    <Data Name="IpPort">-</Data>
    <Data Name="ImpersonationLevel">%%1833</Data>
  </EventData>
</Event>

Hopefully someone can please help!!

Thx, WhatchBotheringMe4
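As an added example (not from the post above), a small classifier for 4624 "successful logon" records that separates routine local activity, such as logon type 5 by LocalSystem from services.exe as in the quoted event, from logons that involved a network peer or alternate credentials and are worth a closer look. The logon-type table is the documented Windows one; the sample records are constructed, and the RDP sample uses a made-up account and address.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOCAL_SYSTEM_SID = "S-1-5-18"
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
               11: "CachedInteractive"}
LOCAL_ADDRESSES = {"-", "", "127.0.0.1", "::1"}


def parse_logon_event(xml_text):
    """Flatten the EventData of a Windows Event XML record into a dict."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "").strip()
              for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    return fields


def assess_logon(ev):
    """Return (verdict, reason): 'expected' for routine local activity, 'review'
    for logons involving a network peer or alternate credentials, 'info' otherwise."""
    if ev["EventID"] != 4624:
        return ("skip", "not a successful-logon event")
    logon_type = int(ev["LogonType"])
    source = ev.get("IpAddress", "-")
    process = ev.get("ProcessName", "").lower()
    # Logon type 5 by LocalSystem from services.exe is the Service Control Manager
    # starting a service; Windows writes one on every boot and service restart.
    if (logon_type == 5 and ev.get("TargetUserSid") == LOCAL_SYSTEM_SID
            and process.endswith("services.exe")):
        return ("expected", "service start by the Service Control Manager")
    if logon_type == 10:
        return ("review", f"Remote Desktop logon from {source}")
    if logon_type == 3 and source not in LOCAL_ADDRESSES:
        return ("review", f"network logon from {source}")
    if logon_type == 9:
        return ("review", "logon with explicit alternate credentials")
    return ("info", LOGON_TYPES.get(logon_type, f"logon type {logon_type}"))


def make_4624(data):
    """Build a constructed record in the shape of the event quoted in the post."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4624</EventID></System>'
            f'<EventData>{body}</EventData></Event>')


# Constructed samples: the service logon from the post, and a made-up RDP logon.
SERVICE_LOGON = make_4624({"TargetUserSid": LOCAL_SYSTEM_SID, "TargetUserName": "SYSTEM",
                           "LogonType": "5", "IpAddress": "-", "IpPort": "-",
                           "ProcessName": r"C:\Windows\System32\services.exe"})
RDP_LOGON = make_4624({"TargetUserSid": "S-1-5-21-0-0-0-1001", "TargetUserName": "alice",
                       "LogonType": "10", "IpAddress": "198.51.100.7", "IpPort": "50212",
                       "ProcessName": r"C:\Windows\System32\winlogon.exe"})

if __name__ == "__main__":
    for record in (SERVICE_LOGON, RDP_LOGON):
        print(assess_logon(parse_logon_event(record)))
```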

802.1x on XP SP3 failed with "Identity: NULL"


Hi Everybody!

Server: Windows 2008 sp2 with AD, DNS, DHCP, NPS roles installed.

Client: Windows XP SP3 + KB957931 + KB960655.

802.1x configured via Group Policy. Computer only auth, using PEAP (Smart card or other certificate). Certificates issued for all domain computers via local MSCertificate Services (Windows 2003 server).

Problem description

Sometimes a Windows XP SP3 computer fails to complete 802.1x auth at boot. Event ID 15514 from Dot3Svc. Identity: NULL, Reason: 327685, ErrorCode -2147024846 (0x80070032 - ERROR_NOT_SUPPORTED), Text: The request is not supported.

The second auth session always completed successfully.

I have noticed that the IP address had changed after such a failed auth.

So, my question is: why does it happen and how to prevent this?

 

VPN Connection and Local Domain Account Problem.


I often use VPN connections to connect to clients for remote support, usually to their server.

Since starting to use Windows 8 I have encountered a strange problem when trying to access my own local server; my Windows 8 PC is a member of a domain controlled by that server.

Whenever I have a VPN connection to a client, Windows 8 sends the wrong credentials to my local DC and it refuses the connection.

Simply browsing to \\server prompts for a username and password and has the VPN connection's credentials in the box as default.

Dropping the VPN connection immediately fixes this issue.

Is there a way to maintain a local domain connection at the same time as having a VPN connection open?

Thanks,

Stuart.

How to set up VPN


I have a network setup as follows.

internet->firewall->Domain server, DHCP, DNS, storage server, vpn server.

I want to configure VPN so remote users can connect to the internal network and access files on the storage server. The internal network is in the 192.168.1.x range. I believe it becomes an issue if the remote user is sitting on the same IP range as I have (i.e., 192.168.1.x). How can I configure the VPN so that the remote users get a different IP range when connecting and can still access the files?

Unable to connect to network using RADIUS

I have a Server 2008 set up with AD. Eventually we want SSO everywhere, but I have had problems with just about every Windows 7 PC we have, while other devices (Linux laptops, iPads, Android phones, etc.) authenticate fine. The main problem with the Windows 7 PCs is that even when I tell it not to store any credentials it simply will not ask the user for their username/password, thus I don't even know if it's using valid credentials. Even when I tell it which credentials to use by specifying the authentication mode it will not connect.