Hi everyone, I am somewhat a newbie to the linux world but i do know some things. What i am trying to do here is remotely log into my linux domain controller via windows network connection VPN. I can successfully log into the Cisco VPN router but i can't seem to get logged into my PDC.

The error i keep getting is "Error 691: access was denied because the username and/or password was invalid on te domain". can anybody steer me in the right direction?

If you need me to give more info please let me know.. again i'm kinda new to this...

what are you using to try and logon to the domain. I am guessing that you are using the cisco vpn client to make the connection to the cisco router correct?

well the actual cisco router is just running the VPN server.

I created a VPN network connection from windows XP. I've created the connection with the following settings:
The networking tab it set to PPTP VPN
The security tap is set to Optional data encryption and the "allow these protocols" radio button is checked allowing CHAP, MS-CHAP, and MS-CHAP v2.

I'm not having any issues with logging in to the VPN router i'm just not allowed to log into my debian Domain Controller.

Thanks for your help..

I still am confused on what you application will not authenticate correctly. Or are you saying that your vpn client will authenicate against your debian domain controller.

In Windows XP Pro under the control panel there is network connections. if you go into network connections and create a new network connection you have the ability to choose VPN as the type of connection. when your setting up the connection you have some settings to set.. the tabs are "General", "Options", Security", "Networking", and "Advanced"

Under each tab i have the following settings.

General: xxx.xxx.xxx public address

Options: Display progress, Prompt for name and user, include windows logon domain are all checked.

Security: the advanced radio button is slected and the advanced section is slected with the following settings.. Data incryption is opitonal, challange CHAP is checked, MS-chap is checked, and MS-chap v2 is checked as well.

Networking: Type of VPN is set to PPTP VPN

Advanced: nuthing is set..

now when i have the "include windows logon domain" unchecked the VPN connection works perfectly.. if i have the "include wondows logon domain" checked then i get the err stated in my first post.. My domain controller is a debian machine if you need any information from my server i'll gladly provide it.. I hope this helps :-) thanks for your help so far...

ahh I see. Well from my best guess I would say that your router is not forwarding ldap queries to the server. Could be possibly blocking that port or could be an ACL issue. Try and setup your vpn as a passthrough so we can ensure that your firewall is not the problem.

Once i'm connected to my VPN router i can surf my entire netwrok remotely, and i can get to all my drives by manually mapping them.. how ever, i have to use my server's ip address for the mapping to work..... \\server\drive wont work but \\123.123.123.123\drive will work.. my drives require user name and passwords and when i enter them the domain accepts it. it just wont accept the user name and password for the domain when trying to connect remotely..

I'm thinking its something to do with authenticating.

Well to fix the name issue looks like your vpn is not setup to map you to the correct dns server. As for the other problem what happens if you enter
domain\username and password.

everything i've tried gives me the same error... "Error 691: access was denied because the username and/or password was invalid on the domain" I know its a valid username and password because i'm useing my own username and password..

Could be a dns issue did you try placing the domain name infront of the username.

Username: <domain>\<username>
Password: ***********

I tried that.. Same error. i've tried every combination i could think of.. I know i'm not an expert at this but i really didnt think it would be this difficult :-) oh well.

I think it could be a dns issue that is the problem. Lets try and fix that first which in turn may fix this issue.

thats what i was thinking. I do have my IP name-server in my routers configuration though. the actual line is

ip name-server xxx.xxx.xxx.xxx and its the correct ip address for my internal DNS

what does ipconfig return on your windows box. Post the whole output if possible.

after looking at the Ipconfig i think something is really wrong. when the connection is active the VPN router handed out the same ip address for the connection and the default gatway. and the subnet is 255.255.255.255 that dont look right but then again i am a newbie to this.. the following is what shows up with ipconfig

PPP adapter connection name

Connection-specific DNS suffix . :
Discription...................... : WAN <PPP/SLIP> Interface
Physical Address................. : 00.00.00.00.00.00
Dhcp Enabled..................... : No
IP Address....................... : 192.168.1.17
Subnet Mask...................... : 255.255.255.255
Default Gateway.................. : 192.168.1.17
DNS Servers...................... : 192.168.1.22