Using Pertino with Active Directory
-
Pertino is a new VPN (and more) platform that we can use to replace traditional VPN links (think IPSec or OpenVPN) for Windows clients. Getting Pertino to work as a replacement for traditional VPN options as a means of handling Active Directory authentication is pretty easy and works very reliably in my testing.
The first step in enabling Pertino for AD is to get Pertino installed and running on the Domain Controller(s) as well as on any clients that you wish to have authenticate to Active Directory. Just download the client from Pertino.com and add all of the clients to the same Pertino network.
Once all of the machines have been joined together (open up your Network Places dialogue and you should see all of the machines listed there) then we need to manually add our DNS servers to the client machines so that they can look up the Active Directory information. DNS is a requirement for AD so this step is necessary even though through Pertino we feel like we can see the Domain Controllers already.
Pertino runs on IPv6, so we can’t use our traditional IPv4 addresses to reach our Domain Controllers (go ahead, don’t believe me, try pinging them). So you need to log into each Domain Controller and find its IPv6 Pertino network address. Typically you will have two Domain Controllers, and each will additionally act as the DNS server, so everything will be nice and neat. Extrapolate if you are doing something more exotic. On each client machine, go into the network adapter settings for the Pertino connection, select the IPv6 protocol and go to Properties. Here you can enter your IPv6 DNS servers. Put your primary and secondary DCs’ IPv6 addresses in here.
Once you have done this you should be able to ping your domain controllers by name via IPv6. Now you can reliably have the client machine join the domain and authenticate automatically. After reboot Pertino should connect before you attempt to log in so logging in with domain users who do not have cached credentials should work right away. You will need to manually enter these two IPv6 DNS entries on each client wishing to be joined to Active Directory through Pertino.
Originally posted on April 5, 2013 at scottalanmiller.com which is no longer active.
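The client-side steps described in the post above (set the two DC addresses as IPv6 DNS servers on the Pertino adapter, then confirm the DCs resolve and answer by name), as an added PowerShell example that is not part of the original post or Pertino's own tooling. The adapter match string, the domain name and both IPv6 addresses are placeholder assumptions; run it elevated on Windows 8 / Server 2012 or later.

```powershell
#Requires -RunAsAdministrator
# Added example. All three defaults are placeholders, not values from the post.
param(
    [string]   $AdapterMatch = '*Pertino*',                        # assumed adapter name/description
    [string]   $Domain       = 'corp.example.com',                 # your AD DNS domain
    [string[]] $DcDns        = @('2001:db8::10', '2001:db8::11')   # the DCs' overlay IPv6 addresses
)

# Accept only IPv6 literals, so a typo cannot point AD lookups at an unintended resolver.
foreach ($addr in $DcDns) {
    $ip = [System.Net.IPAddress]::Parse($addr)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        throw "$addr is not an IPv6 address."
    }
}

# Require exactly one matching adapter; never guess between several.
$adapter = @(Get-NetAdapter | Where-Object {
    $_.Name -like $AdapterMatch -or $_.InterfaceDescription -like $AdapterMatch })
if ($adapter.Count -ne 1) {
    throw "Expected one adapter matching '$AdapterMatch', found $($adapter.Count)."
}
Set-DnsClientServerAddress -InterfaceIndex $adapter[0].ifIndex -ServerAddresses $DcDns

# Ask each configured server for the DC locator record, then resolve and ping each DC over IPv6.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$results = foreach ($server in $DcDns) {
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    if (-not $srv) {
        [pscustomobject]@{ DnsServer = $server; DC = '(no SRV answer)'; IPv6 = $null; Ping = $false }
        continue
    }
    foreach ($rec in $srv) {
        $aaaa = @(Resolve-DnsName -Name $rec.NameTarget -Type AAAA -Server $server -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'AAAA' })
        $ipv6 = if ($aaaa) { $aaaa[0].IPAddress } else { $null }
        [pscustomobject]@{
            DnsServer = $server
            DC        = $rec.NameTarget
            IPv6      = $ipv6
            Ping      = [bool]($ipv6 -and (Test-Connection -ComputerName $ipv6 -Count 1 -Quiet))
        }
    }
}
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ping }) {
    Write-Warning 'At least one DC did not resolve or answer over IPv6; fix this before joining the domain.'
}
```

A row with `(no SRV answer)` means that server is not serving the domain's locator records over the overlay, which is the condition to clear before attempting the domain join.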
-
I think they pulled IPv6 support a while back. All my Pertino devices are IPv4. Also, note that I have problems with builds 520+ when installing it on Windows DCs/DNS servers. The DNS records do not dynamically update when Pertino is installed. 510 works OK, though. I have a custom 529 build that support gave me that is basically 510 but enables some more verbose logging so they can find out what is going on.
-
@wrx7m said:
> I think they pulled IPv6 support a while back. All my Pertino devices are IPv4. Also, note that I have problems with builds 520+ when installing it on Windows DCs/DNS servers. The DNS records do not dynamically update when Pertino is installed. 510 works OK, though. I have a custom 529 build that support gave me that is basically 510 but enables some more verbose logging so they can find out what is going on.

This is an old article from 2013 being reposted because @scottalanmiller stopped maintaining the original.