
Active Directory Dial-In User Properties, Deny Option not working? (Pass-through authentication with netgear devices for SSL-VPN access)


So, strange issue. I have a few clients with proper domains set up, and I have sold them Netgear firewalls/UTMs. They would like to use their domain information in order to use their VPN connections. Fair enough, pass-through authentication is supported on the Netgear devices I've sold them.

Now the fun part. Here in my office, we have a Netgear firewall that also has the pass-through authentication feature, and I was trying to do some security checks. So, I attempted to deny myself dial-in access by denying it in AD. Yesterday, it worked great. Big fat "Access Denied" message when trying to dial in. Today, however, it's not working. I can VPN in to any of my client sites, even after hitting the Deny option in AD.

Anyone seen this kind of behavior before? Does it take time to refresh the properties? I could have sworn that user properties were looked up fresh on every login, and not cached unless the user was already logged in, or something like that. I do have to admit, my AD knowledge is rather weak, so I'm not assuming I'm even going on the right path here.

Thanks in advance /r/sysadmin <3

submitted by ZXQ
