Meraki

Community

Client VPN and user permissions

Solved
tantony
Head in the Cloud
‎Feb 26 2019 4:44 PM
‎Feb 26 2019 4:44 PM

Client VPN and user permissions

I’m using Meraki cloud authentication for VPN, so the username is in abcd@company.com and password format. 

 

After a user connect to VPN, and try to go to a file path, it’s prompting to login again. They can only access the files if they login with their AD account. 

 

How can I fix this?

0 Kudos
1 Accepted Solution
In response to tantony
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 26 2019 7:31 PM
‎Feb 26 2019 7:31 PM

When browsing to a Windows resource the Windows workstation will try to authenticate using the currently logged in users credentials (as in the workstation credentials - not the VPN credentials).

 

So if you VPN in, and then browse to a file server and are prompted with a username/password again - it is because the user on the workstation is not using credentials that the server will accept.

View solution in original post

5 Replies 5
tantony
Head in the Cloud
‎Feb 26 2019 5:08 PM
‎Feb 26 2019 5:08 PM

Can I make an account in AD, and create an alias pointing to abcd@company.com?

0 Kudos
In response to tantony
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 26 2019 7:31 PM
‎Feb 26 2019 7:31 PM

When browsing to a Windows resource the Windows workstation will try to authenticate using the currently logged in users credentials (as in the workstation credentials - not the VPN credentials).

 

So if you VPN in, and then browse to a file server and are prompted with a username/password again - it is because the user on the workstation is not using credentials that the server will accept.

In response to PhilipDAth
tantony
Head in the Cloud
‎Feb 27 2019 2:31 AM
‎Feb 27 2019 2:31 AM

Ok that’s what I thought. I tried the same file path and I had the same issue. 

 

We we had a power outage so we had to shutdown all of our servers. I restarted the servers when the power came back. So may be something to do with it. 

 

Thanks 

0 Kudos
In response to tantony
Nash
Kind of a big deal
‎Feb 27 2019 9:25 AM
‎Feb 27 2019 9:25 AM

I'd honestly recommend swapping to RADIUS, but if you have to use Meraki cloud...

 

Assuming a Windows computer, you can modify the rasphone.pbk file such that it won't try to use the VPN credential to authenticate to the server. It's fairly simple to do in PowerShell, so I've grabbed snippets from a larger client VPN install script of mine.

 

You will need to run this again every time you add a new VPN connection to the Windows client, if I understand correctly. 

 

This only works if the rasphone.pbk file exists where it's expecting it to. So make sure you have a VPN connection setup and make sure rasphone.pbk exists.

 

Single user connection:

 

$pbkpath = $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
(Get-Content -path $pbkpath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -path $pbkpath

 

All user connection - launch PowerShell as admin:

 

$pbkpath = Join-Path $env:PROGRAMDATA "Microsoft\Network\Connections\Pbk\rasphone.pbk"

(Get-Content -path $pbkpath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -path $pbkpath
Windows 10 Client VPN scripts: Makes life better!
0 Kudos
JesusConejo
New here
‎Dec 29 2021 11:37 AM
‎Dec 29 2021 11:37 AM

https://www.youtube.com/watch?v=qqcC1aiGj0s

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.