We have a site-to-site VPN with a Cisco router and a PIX. On the PIX I've implemented the AAA model for authenticating traffic through the PIX to end devices for services like FTP, HTTP and Telnet, with an external RADIUS server (IAS MS).
Is it possible to authenticate the user when he tries to connect to a server for browsing the net resources, and associate with him the batch file, or the URL of this batch file, defined in Active Directory via RADIUS?
For me, no... but I want to be sure. Maybe we can start authentication via RADIUS when a user starts a batch on the remote PC, trying to map network drives, when the traffic reaches the PIX?
A lot of Windows networking stuff occurs behind the scenes. Remember, all NT-based OSes on the domain have machine accounts in the domain, just like your users do. System policies, authentication, etc. all occur behind the scenes. Trying to force "user" level actions to auth, and not systems, would be near miraculous - after all, users and machine accounts are not much different at all - same construct, just different default privileges.
So, I would recommend not mucking with things that could break your Windows networking. Instead, google for the NSA guides to securing Windows, and think about cranking up your auditing and logging policies on your actual Windows machines.
Thanks for the info. To be precise, the remote users are external and must use the file server (mapping the shared folders) dedicated only to their operations.
It sounds like the best solution would be leaving the authentication on the domain created on this file system, instead of authenticating the user on the PIX when the customer PC tries to access the shared folder using TCP 139.