Dear all,
I've got a kind of a network/mpls/vpn/authentication issue.
The setup is as follows:
- 2k3 domain with some 2k8 R2 domain Controllers
- 3 sites connected through an MPLS Network
-> Everything above works fine. But:
Our Homeworkers can connect to the MPLS Network via an IPSec VPN Connection of our Service Provider. They authenticate themselves with an installed Computer certificate and a combination of username/password. They get an IP from the ISP which is in the MPLS handled like a fourth site. In the AD I've added the subnet of this site to our Headquarter. Routing is fine, DNS also.
But because they authenticate themselves against the ISP with an ISP username/password combination they cannot access our fileshares or our 2k3 Exchange (ok, Exchange asks for username/password, but the fileserver doesn't ("extended error").)
Example:
Domain: OurCompany
Local Username: ourcompany\john.doe
Local Password: pass1234
VPN-Credentials: john.doe@isp-vpn.com
VPN-Password: anotherPassword
Local Subnet: 192.168.1.0/24
VPN Subnet: 192.168.100.0/24
-> They try to access a share at \\192.168.1.1\share -> Access denied, Extended error
How can I pass through the credentials they used to log into _the Notebook_ and not the credentials they used to log _into the VPN_?
Every hint, every idea is very welcome! Maybe I'm missing something big?
Cheers,
Thomas