- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Re: AD user should connect to RA VPN automatically
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AD user should connect to RA VPN automatically
I have a query when RA VPN users log in to the system with AD credentials, they also should get connected to VPN automatically. The client should not ask them to put a username and password to connect to VPN same AD credentials should be used.
Is there a way to achieve this with AD username and passwords or is any other way which can work?
I tried enabling password caching and connect mode to always but that is also not working.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Secure Domain Login can bring up the VPN when the user logs in, but this requires credentials to be entered.
Certificates could be used for the VPN portion of the authentication in this case, particularly ones stored in the Windows Certificate Store (particularly one that cannot be exported).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@PhoneBoy could you please guide me on this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Secure Domain Login can bring up the VPN when the user logs in, but this requires credentials to be entered.
Certificates could be used for the VPN portion of the authentication in this case, particularly ones stored in the Windows Certificate Store (particularly one that cannot be exported).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@PhoneBoy Thanks for the response, could you please clarify which certificate I can use, in order to achieve the requirement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use any certs for this, including ones from the ICA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@PhoneBoy Could you please confirm if we can go with CAPI certificate?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don’t see why not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have client where this works perfectly fine. Just as a test, can you have them delete/re-create the site?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@the_rock I would like to know how it works perfectly fine. I tried to recreate the site but it's same.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I dont know what to tell you...we configured IA blade while ago, integrated with access roles and AD server and VPN works fine as auto connect/cashed creds.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is there a chance back in the day when you did it, you had to edit the trac to allow cached credentials in the VPN clients?
i even think it might be required to edit the trac file on the gateway to "allow it" and also edit it on the Endpoint client.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, we did do that on both, correct.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@skandshus @the_rock What I have to edit? I don't see anything related to password caching trac.ttm file
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you send me the files, I can check, but its been some time, so cant remember now.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think we may have changed default auth method to username-password.