Share Login Failure through VPN

  • I'm replacing a Watchguard firewall with a computer running PFSense and have run into an issue with VPNs. I am using a Radius server on the Windows Server 2016 VM for authentication. It's a fairly simple network, two VMs (DC and file/print) and about a dozen users.

    I can connect with the OpenVPN client without problem (it does prompt me for a password). Once connected, I can ping devices on the remote network as expected. What I'm not able to do is to map a drive letter (net use...) or to browse to the shares on the file sharing VM, whether by UNC or by IP (e.g. Start, Run, \ When I try either I get the message: "Login failure: the user has not been granted the requested login type at this computer".

    I've tried this with various users, including Administrator and get the same results.

    It seems clear to me that there's an issue with the user name once I've connected. If I make the connection and try the command:
    net use \\shared
    I get the error mentioned above.
    BUT.... if I use:
    net use \\shared /user:mydomain.local/administrator
    It will prompt me for the password and then it will work.

    I have checked the PFSense OpenVPN server and nothing is standing out to me as an issue. I do have DNS Default Domain checked and set to the remote domain name (mydomain.local). It is also set to provide a DNS server from the remote domain. I don't think any of those settings should matter as I'm using the IP address.

    It seems clear to me that it knows who I am when I authenticate to make the VPN connection, since I'm using Radius to the AD, but somehow it doesn't really know who I am when I try to access network resources.

    I've set up a similar configuration on a different network and it worked without this sort of problem. I'm not seeing what I did differently here.

    What is the likely cause of this or how should I be troubleshooting it?

  • @CompProbSolv said in Share Login Failure through VPN:

    Login failure: the user has not been granted the requested login type at this computer".

    Try adding the credentials into the Credential Manager on the client machine. This video has a good walkthrough:
    Youtube Video

  • @CompProbSolv
    You can also set up a Group Policy Object to map a network drive for groups of users. Here's a good walkthrough for doing that:
    Youtube Video

  • Thank you for the suggestions, but they really don't address the basic issue. Once connected with the VPN, the server should know who I am and credentials shouldn't be needed again.

    I tried this on a couple of other computers and discovered that it's something particular to my computer. That makes for a much different troubleshooting process. I'll close this as I look into it.


Log in to reply