Hi Paul, This could be DNS related to the Kerberos token. I would check that you're giving out a domain controller for the DNS server in your PPP profile and if not then you're relaying via something else (like the router) which also provides the suffix resolution. Using a DC would be the way to go though. Cheers, RJ -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Paul Julian Sent: Tuesday, 28 May 2019 8:19 AM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik VPN and MS Windows authentication issues Hi Jason, I believe that all of the machines connecting in via VPN as part of the domain and are regularly plugged into the network at the office. Regards Paul -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Jason Hecker Sent: Tuesday, 28 May 2019 10:15 AM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] Mikrotik VPN and MS Windows authentication issues Is their computer on the PPTP VPN already joined to the domain? Or is it a Home edition where they need to keep plugging in their credentials to access resources? You can always go to the credential manager on their PC and delete the existing cached credentials and they can type them in fresh (maybe after a reboot). On Tue, 28 May 2019, at 10:11, Paul Julian wrote:
Hi All,
We have a customer who is running a Windows server environment with Active Directory, they also use a Mikrotik and run PPTP VPN to connect into their office. They are having issues with authentication on the Windows PC's when accessing the shares on the server and wondering if anybody has any suggestions on how to make this work.
I recall some time ago that there were issues if the cached credentials on the PC's weren't updated regularly, and I have also wondered if using Windows IAS for the VPN Authentication may help but the customer is looking to us for help and I haven't really done this sort of thing for a while and was hoping that somebody could point me in the right direction for a solution which would work for them and not cause them to have to re-auth when accessing those resources on the server.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Regards, Jason Hecker <https://www.upandrunningtech.com.au/> <https://www.upandrunningtech.com.au/> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au