Logging onto domain from non-MS VPN

Discussion in 'Windows Networking' started by Milhouse Van Houten, Apr 8, 2008.

  1. This has me stymied, so I figure it's either blindingly simple or
    impossible:

    Using an XP/Vista PPTP connection, I connect to a VPN server running on our
    DD-WRT router. I can map drives to our Server 2003 box and access resources
    that way. Fine. But is there a way of actually logging into the domain
    remotely short of using Server 2003 itself as a VPN server instead of the
    router?

    Thanks
     
    Milhouse Van Houten, Apr 8, 2008
    #1
    1. Advertisements

  2. Milhouse Van Houten

    Bill Grant Guest

    Making the connection to a Windows RRAS server would not solve the
    problem either. The simple fact is that making a VPN connection just sets up
    a point-to-point connection. It does not do a domain login. In fact it
    couldn't do that because the client machine has already done a local login
    before you start.

    The only way to do a domain login is to use the "login using a dialup
    connection" option from the login screen. This sets up the connection and
    logs into the domain in one go. It is not simple to set up, and it means you
    must log out your machine before you start the connection process.

    Why do you feel the need to log into the domain? You do not need to log
    into the domain to access domain resources. You just need credentials which
    are valid on the domain.
     
    Bill Grant, Apr 8, 2008
    #2
    1. Advertisements

  3. The reason I thought connecting straight to RRAS would be a domain login was
    because of the presence of the (optional) "Domain" field on the login screen
    of the client, but apparently that's not the case. I imagine the logging out
    of your machine part has something to do with profiles, and that would be
    inconvenient.

    I thought logging onto the domain would simplify connectivity and make
    things work more smoothly. For example, I'd be able to browse network
    resources, which I can't seem to do now. Also, when using Access to access a
    remote SQL database, right now I get a logon failure. While a KB article
    lists a workaround for that, it wasn't necessary when on the LAN.
     
    Milhouse Van Houten, Apr 8, 2008
    #3
  4. Milhouse Van Houten

    Bill Grant Guest

    No, logging into the domain would not do most of that for you either.

    Being on a VPN link is not at all like being on the LAN. It is simply an
    IP connection over a slow link. It is really just a special case of a dialup
    connection. You are just using the Internet as the carrier instead of the
    phone cable.

    Your best bet for name resolution is to use DNS. You can add the DNS
    suffix of your domain to the client's connection properties so that it can
    resolve simple names. (eg if you add the suffix domain.local to the client,
    you can use servername to resolve servername.domain.local).
     
    Bill Grant, Apr 9, 2008
    #4
  5. OK. Though I didn't think the speed (or type) of connection precluded any of
    this, I guess it does.

    On DNS, I had added the IP of the server in the client (Networking tab,
    properties of TCP/IP, Advanced), though it didn't seem to have any effect.
    I'll try what you suggested as well.

    Before, when you said "It is not simple to set up, and it means you must log
    out your machine before you start the connection process," could you point
    me to whatever this procedure is? I probably won't do it, but I'm curious,
    since I can't quite imagine what can be initiated from a logged out state.
     
    Milhouse Van Houten, Apr 9, 2008
    #5
  6. Milhouse Van Houten

    Bill Grant Guest

    Step 1 is to make sure that the dialup connection is configured for all
    users. If it is configured for one user only the option does not appear in
    the logon window.

    Step 2 is reboot or logoff any local login. From the login screen select
    the "login using a dialup connection". Enter your domain username an
    password. This account needs to be valid for making a dialup connection as
    well as domain login.
     
    Bill Grant, Apr 10, 2008
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.