Logging onto domain from non-MS VPN

This has me stymied, so I figure it's either blindingly simple or
impossible:

Using an XP/Vista PPTP connection, I connect to a VPN server running on our
DD-WRT router. I can map drives to our Server 2003 box and access resources
that way. Fine. But is there a way of actually logging into the domain
remotely short of using Server 2003 itself as a VPN server instead of the
router?

Thanks

Making the connection to a Windows RRAS server would not solve the
problem either. The simple fact is that making a VPN connection just sets up
a point-to-point connection. It does not do a domain login. In fact it
couldn't do that because the client machine has already done a local login
before you start.

The only way to do a domain login is to use the "login using a dialup
connection" option from the login screen. This sets up the connection and
logs into the domain in one go. It is not simple to set up, and it means you
must log out your machine before you start the connection process.

Why do you feel the need to log into the domain? You do not need to log
into the domain to access domain resources. You just need credentials which
are valid on the domain.


"Milhouse Van Houten" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This has me stymied, so I figure it's either blindingly simple or
> impossible:
>
> Using an XP/Vista PPTP connection, I connect to a VPN server running on
> our DD-WRT router. I can map drives to our Server 2003 box and access
> resources that way. Fine. But is there a way of actually logging into the
> domain remotely short of using Server 2003 itself as a VPN server instead
> of the router?
>
> Thanks

The reason I thought connecting straight to RRAS would be a domain login was
because of the presence of the (optional) "Domain" field on the login screen
of the client, but apparently that's not the case. I imagine the logging out
of your machine part has something to do with profiles, and that would be
inconvenient.

I thought logging onto the domain would simplify connectivity and make
things work more smoothly. For example, I'd be able to browse network
resources, which I can't seem to do now. Also, when using Access to access a
remote SQL database, right now I get a logon failure. While a KB article
lists a workaround for that, it wasn't necessary when on the LAN.

"Bill Grant" <not.available@online> wrote in message
news:#(E-Mail Removed)...
> Making the connection to a Windows RRAS server would not solve the
> problem either. The simple fact is that making a VPN connection just sets
> up a point-to-point connection. It does not do a domain login. In fact it
> couldn't do that because the client machine has already done a local login
> before you start.
>
> The only way to do a domain login is to use the "login using a dialup
> connection" option from the login screen. This sets up the connection and
> logs into the domain in one go. It is not simple to set up, and it means
> you must log out your machine before you start the connection process.
>
> Why do you feel the need to log into the domain? You do not need to log
> into the domain to access domain resources. You just need credentials
> which are valid on the domain.
>
>
> "Milhouse Van Houten" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> This has me stymied, so I figure it's either blindingly simple or
>> impossible:
>>
>> Using an XP/Vista PPTP connection, I connect to a VPN server running on
>> our DD-WRT router. I can map drives to our Server 2003 box and access
>> resources that way. Fine. But is there a way of actually logging into the
>> domain remotely short of using Server 2003 itself as a VPN server instead
>> of the router?
>>
>> Thanks
>

No, logging into the domain would not do most of that for you either.

Being on a VPN link is not at all like being on the LAN. It is simply an
IP connection over a slow link. It is really just a special case of a dialup
connection. You are just using the Internet as the carrier instead of the
phone cable.

Your best bet for name resolution is to use DNS. You can add the DNS
suffix of your domain to the client's connection properties so that it can
resolve simple names. (eg if you add the suffix domain.local to the client,
you can use servername to resolve servername.domain.local).

"Milhouse Van Houten" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> The reason I thought connecting straight to RRAS would be a domain login
> was because of the presence of the (optional) "Domain" field on the login
> screen of the client, but apparently that's not the case. I imagine the
> logging out of your machine part has something to do with profiles, and
> that would be inconvenient.
>
> I thought logging onto the domain would simplify connectivity and make
> things work more smoothly. For example, I'd be able to browse network
> resources, which I can't seem to do now. Also, when using Access to access
> a remote SQL database, right now I get a logon failure. While a KB article
> lists a workaround for that, it wasn't necessary when on the LAN.
>

OK. Though I didn't think the speed (or type) of connection precluded any of
this, I guess it does.

On DNS, I had added the IP of the server in the client (Networking tab,
properties of TCP/IP, Advanced), though it didn't seem to have any effect.
I'll try what you suggested as well.

Before, when you said "It is not simple to set up, and it means you must log
out your machine before you start the connection process," could you point
me to whatever this procedure is? I probably won't do it, but I'm curious,
since I can't quite imagine what can be initiated from a logged out state.

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> No, logging into the domain would not do most of that for you either.
>
> Being on a VPN link is not at all like being on the LAN. It is simply an
> IP connection over a slow link. It is really just a special case of a
> dialup connection. You are just using the Internet as the carrier instead
> of the phone cable.
>
> Your best bet for name resolution is to use DNS. You can add the DNS
> suffix of your domain to the client's connection properties so that it can
> resolve simple names. (eg if you add the suffix domain.local to the
> client, you can use servername to resolve servername.domain.local).
>
> "Milhouse Van Houten" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> The reason I thought connecting straight to RRAS would be a domain login
>> was because of the presence of the (optional) "Domain" field on the login
>> screen of the client, but apparently that's not the case. I imagine the
>> logging out of your machine part has something to do with profiles, and
>> that would be inconvenient.
>>
>> I thought logging onto the domain would simplify connectivity and make
>> things work more smoothly. For example, I'd be able to browse network
>> resources, which I can't seem to do now. Also, when using Access to
>> access a remote SQL database, right now I get a logon failure. While a KB
>> article lists a workaround for that, it wasn't necessary when on the LAN.
>>
>

Step 1 is to make sure that the dialup connection is configured for all
users. If it is configured for one user only the option does not appear in
the logon window.

Step 2 is reboot or logoff any local login. From the login screen select
the "login using a dialup connection". Enter your domain username an
password. This account needs to be valid for making a dialup connection as
well as domain login.

"Milhouse Van Houten" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK. Though I didn't think the speed (or type) of connection precluded any
> of this, I guess it does.
>
> On DNS, I had added the IP of the server in the client (Networking tab,
> properties of TCP/IP, Advanced), though it didn't seem to have any effect.
> I'll try what you suggested as well.
>
> Before, when you said "It is not simple to set up, and it means you must
> log out your machine before you start the connection process," could you
> point me to whatever this procedure is? I probably won't do it, but I'm
> curious, since I can't quite imagine what can be initiated from a logged
> out state.
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> No, logging into the domain would not do most of that for you either.
>>
>> Being on a VPN link is not at all like being on the LAN. It is simply an
>> IP connection over a slow link. It is really just a special case of a
>> dialup connection. You are just using the Internet as the carrier instead
>> of the phone cable.
>>
>> Your best bet for name resolution is to use DNS. You can add the DNS
>> suffix of your domain to the client's connection properties so that it
>> can resolve simple names. (eg if you add the suffix domain.local to the
>> client, you can use servername to resolve servername.domain.local).
>>
>> "Milhouse Van Houten" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> The reason I thought connecting straight to RRAS would be a domain login
>>> was because of the presence of the (optional) "Domain" field on the
>>> login screen of the client, but apparently that's not the case. I
>>> imagine the logging out of your machine part has something to do with
>>> profiles, and that would be inconvenient.
>>>
>>> I thought logging onto the domain would simplify connectivity and make
>>> things work more smoothly. For example, I'd be able to browse network
>>> resources, which I can't seem to do now. Also, when using Access to
>>> access a remote SQL database, right now I get a logon failure. While a
>>> KB article lists a workaround for that, it wasn't necessary when on the
>>> LAN.
>>>
>>