[pptp-server] NT Domain Logon via VPN

Cowles, Steve Steve at SteveCowles.com
Wed Oct 3 14:07:16 CDT 2001


> -----Original Message-----
> From: Christopher Kalos [mailto:ckalos at gothambroadband.com]
> Sent: Wednesday, October 03, 2001 11:48 AM
> To: Poptop Mailing List
> Subject: [pptp-server] NT Domain Logon via VPN
> 
> 
> 	I know I've seen this under some implementation of the 
> VPN client for Windows 2000, and I'm wondering how (or if!)
> it's possible with PoPToP and Samba.  After the initial
> connection, it should be possible with the MS VPN Server to
> force the Win2000 client to return a login dialog requiring
> the user to enter their NT username, password, and domain.
>
> 	Is there a way to enable this for the PPTP server so 
> that VPN systems are also part of the Windows Domain and
> Domain users can log on with full rights, regardless of the
> system that they connect from?

Conceptually, not a bad idea. And I'm sure someone could write a program to
prompt for the username/password/domain after the PPTP session is
established. But you will still be faced with the problem of how the PPTP
client will "first" join that domain, i.e., without first joining the domain
(SID), your domain logon credentials (rights) are meaningless. 

FWIW: I have been successful at joining an MS domain across a PPTP session,
but then I also had admin rights to do so. This is where the real problem
lies in what you are proposing for your average user, or better yet,
maintaining a decent security model.

Steve Cowles


