L2TP provides hostname instead of userID

Hello,

I have a little problem with some laptops and Windows XP SP1.

I'm trying to connect to a VPN gateway (a Nortel Contivity) with L2TP over IPSec.
There is no routing problem and the IPSec tunnel is established, but after that the L2TP
tunnel is not established because Windows XP sends the hostname of the laptop instead of
the User ID that I define in the L2TP configuration panel.

In the Contivity log I see this:
Session: L2TP[computer.domain.com] attempting login

instead of this:
Session: L2TP[UserID] attempting login

I have the same problem on 3 different laptops and I can't find any
information about how to correct this.

Thanks for your help!
 
Unless you are using Preshared Keys - the computer must authenticate
with a computer certificate... That is why you are seeing this...
---
Jeffrey Randow (Windows Networking MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows Network Technology Community -
http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
Windows Home Networking Community -
http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx
 
Hello,

I use a login and password with L2TP and I have configured everything to use it like this,
and when I connect with the L2TP connection, it asks me for a login and a password. If
I had configured it to use certificates, the connection should be made without
asking me for a login/password.

I use certificates with IPSec.

I don't understand why Windows sends the hostname when it asks me to enter a
login and password for the L2TP connection.

I have also configured the L2TP connection via the Internet Explorer
properties to be sure not to have different configurations in different
places, but it doesn't change anything.

Or maybe there is something, somewhere, in the registry for example, telling
Windows to use the hostname instead of the login that I enter?

Thanks for your answer.
 
You didn't follow me....

L2TP in Windows XP requires two authentications - a computer
authentication and a user authentication.

Unless you use a cert-based system, you must use the Pre-Shared Key.
If you do not configure this, then Windows will attempt to present one
of its computer certificates. If a valid certificate does not exist
for the computer account, you will not be able to connect.

After the computer authenticates, you must then authenticate as a user
either using a UN/PW or a user certificate...
---
Jeffrey Randow (Windows Networking MVP)
 
Hello,

Thanks for your answer.

When you explain that with L2TP Windows does 2 authentications, one for the
computer and one for the user, do you mean that the authentication of the
computer is the IPSec authentication and the user authentication is done by
L2TP, or that after the IPSec tunnel is established, L2TP tries the 2
authentication modes?

If L2TP tries to authenticate the computer first, before the user, how
can I disable this first authentication mode? The Contivity VPN
gateway doesn't give any way to configure 2 authentication modes for the L2TP
account, only a user account.
 