Client VPN and user permissions

SOLVED
A model citizen

Client VPN and user permissions

I’m using Meraki cloud authentication for VPN, so the username is in abcd@company.com and password format. 

 

After a user connects to the VPN and tries to go to a file path, it prompts them to log in again. They can only access the files if they log in with their AD account.

 

How can I fix this?

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Client VPN and user permissions

When browsing to a Windows resource, the Windows workstation will try to authenticate using the currently logged-in user's credentials (as in the workstation credentials - not the VPN credentials).

 

So if you VPN in, and then browse to a file server and are prompted with a username/password again - it is because the user on the workstation is not using credentials that the server will accept.

4 REPLIES 4
A model citizen

Re: Client VPN and user permissions

Can I make an account in AD, and create an alias pointing to abcd@company.com?

A model citizen

Re: Client VPN and user permissions

Ok that’s what I thought. I tried the same file path and I had the same issue. 

 

We had a power outage so we had to shut down all of our servers. I restarted the servers when the power came back. So it may be something to do with it.

 

Thanks 

Head in the Cloud

Re: Client VPN and user permissions

I'd honestly recommend swapping to RADIUS, but if you have to use Meraki cloud...

 

Assuming a Windows computer, you can modify the rasphone.pbk file such that it won't try to use the VPN credential to authenticate to the server. It's fairly simple to do in PowerShell, so I've grabbed snippets from a larger client VPN install script of mine.

 

You will need to run this again every time you add a new VPN connection to the Windows client, if I understand correctly. 

 

This only works if the rasphone.pbk file exists where it's expecting it to. So make sure you have a VPN connection set up and make sure rasphone.pbk exists.

 

Single user connection:

 

# Per-user phonebook: stop Windows from reusing the VPN credential for network resources
$pbkpath = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
(Get-Content -path $pbkpath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -path $pbkpath

 

All user connection - launch PowerShell as admin:

 

$pbkpath = Join-Path $env:PROGRAMDATA "Microsoft\Network\Connections\Pbk\rasphone.pbk"

(Get-Content -path $pbkpath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -path $pbkpath
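
An added example, not part of the original post or the poster's install script: the same UseRasCredentials change with the existence check the post calls for, a backup of the phonebook, and the option to limit the change to one connection. It assumes the usual INI-style layout of rasphone.pbk (one [ConnectionName] section per entry); the function name and 'Office VPN' are hypothetical.

```powershell
# Added example (not from the original post). Assumes rasphone.pbk is INI-style:
# one [ConnectionName] section per VPN entry, followed by key=value lines.
function Set-PbkUseRasCredentials {
    param(
        [Parameter(Mandatory)] [string] $PbkPath,
        [string] $ConnectionName,            # empty = every entry in the file
        [ValidateSet('0', '1')] [string] $Value = '0'
    )
    if (-not (Test-Path -LiteralPath $PbkPath)) {
        throw "Phonebook not found: $PbkPath (create the VPN connection first)"
    }
    # Keep a copy so the change can be rolled back.
    Copy-Item -LiteralPath $PbkPath -Destination "$PbkPath.bak" -Force

    $section = $null
    $changed = @()
    $lines = foreach ($line in Get-Content -LiteralPath $PbkPath) {
        # Track which connection entry the current line belongs to.
        if ($line -match '^\[(.+)\]\s*$') { $section = $Matches[1] }
        $inScope = (-not $ConnectionName) -or ($section -eq $ConnectionName)
        if ($inScope -and $line -match '^UseRasCredentials=(\d)\s*$' -and $Matches[1] -ne $Value) {
            $changed += $section
            "UseRasCredentials=$Value"
        } else {
            $line
        }
    }
    # Only rewrite the file when something actually changed.
    if ($changed.Count -gt 0) { Set-Content -LiteralPath $PbkPath -Value $lines }
    return $changed    # names of the entries that were modified
}

# Current-user phonebook, same path as in the post above.
$pbk = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
# 'Office VPN' is a hypothetical connection name; omit -ConnectionName to cover all entries.
Set-PbkUseRasCredentials -PbkPath $pbk -ConnectionName 'Office VPN'
```

The function returns the names of the entries it changed, so an empty result means the setting was already in place or the named connection was not found in that phonebook.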