Client VPN and user permissions

SOLVED
tantony
Head in the Cloud

I’m using Meraki cloud authentication for VPN, so the username is in abcd@company.com and password format.

After a user connects to the VPN and tries to go to a file path, it prompts them to log in again. They can only access the files if they log in with their AD account.

How can I fix this?

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

When browsing to a Windows resource, the Windows workstation will try to authenticate using the currently logged-in user's credentials (as in the workstation credentials - not the VPN credentials).

So if you VPN in, and then browse to a file server and are prompted with a username/password again - it is because the user on the workstation is not using credentials that the server will accept.

5 REPLIES 5
tantony
Head in the Cloud

Can I make an account in AD, and create an alias pointing to abcd@company.com?


Ok, that’s what I thought. I tried the same file path and I had the same issue.

We had a power outage so we had to shut down all of our servers. I restarted the servers when the power came back. So it may be something to do with it.

Thanks

Nash
Kind of a big deal

I'd honestly recommend swapping to RADIUS, but if you have to use Meraki cloud...

Assuming a Windows computer, you can modify the rasphone.pbk file such that it won't try to use the VPN credential to authenticate to the server. It's fairly simple to do in PowerShell, so I've grabbed snippets from a larger client VPN install script of mine.

You will need to run this again every time you add a new VPN connection to the Windows client, if I understand correctly.

This only works if the rasphone.pbk file exists where it's expecting it to. So make sure you have a VPN connection set up and make sure rasphone.pbk exists.

Single user connection:

# Per-user phonebook: stop Windows from reusing the VPN credentials for network resources
$pbkpath = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
(Get-Content -path $pbkpath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -path $pbkpath

All user connection - launch PowerShell as admin:

# All-users phonebook: same change, needs an elevated session
$pbkpath = Join-Path $env:PROGRAMDATA "Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content -path $pbkpath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -path $pbkpath
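
The following is an added example, not part of the original reply or of the poster's install script. It applies the same UseRasCredentials change per phonebook entry, reports each connection's value, and keeps a backup before writing; the function name Set-PbkRasCredentials and its -Entry parameter are hypothetical.

```powershell
# Added example (not from the thread). Audits and updates UseRasCredentials per
# phonebook entry. Function name and -Entry parameter are hypothetical.
function Set-PbkRasCredentials {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,   # full path to rasphone.pbk
        [string]$Entry = '*'                   # connection name, wildcards allowed
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Phonebook not found: $Path (create the VPN connection first)"
    }
    $lines   = @(Get-Content -LiteralPath $Path)
    $section = $null
    $changed = $false
    $report  = for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^\[(.+)\]\s*$') {
            $section = $Matches[1]              # start of a new connection entry
        }
        elseif ($section -and $lines[$i] -match '^UseRasCredentials=(\d)\s*$') {
            $old = $Matches[1]
            $new = $old
            if ($section -like $Entry -and $old -ne '0') {
                $new = '0'                      # use workstation logon, not VPN credentials
                $lines[$i] = 'UseRasCredentials=0'
                $changed = $true
            }
            # With -WhatIf, After shows the intended value; nothing is written
            [pscustomobject]@{ Entry = $section; Before = $old; After = $new }
        }
    }
    if ($changed -and $PSCmdlet.ShouldProcess($Path, 'Set UseRasCredentials=0')) {
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # rollback copy
        Set-Content -LiteralPath $Path -Value $lines
    }
    $report
}

# Per-user phonebook, the same location the single-user snippet edits
$pbk = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
Set-PbkRasCredentials -Path $pbk -WhatIf   # preview only; drop -WhatIf to write
```

For the all-users phonebook, pass the $env:PROGRAMDATA path from an elevated session.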