by adrien » Nov 15 11 3:17 pm
Hi
Computername is a bit of a problem. Basically, there's no reliable way to get the Windows computername of a computer remotely.
If the computer uses DHCP, and it's a Windows computer, it will include its computername in its DHCP request, which WinGate then learns and remembers.
If the computer doesn't use DHCP, we only get the computername if the computer is using the WinGate client, or WinGate Management.
This is even though the computername may show in the activity panel. The reason is that what is showing in activity is the result of a reverse DNS lookup (PTR) on the IP. In many environments this maps to the computername, but it's subtly different. For instance, for an external connection in, it's an internet name.
So WinGate doesn't treat the reverse-DNS name as the computername.
We can't reliably use the reverse-DNS name in credential rules either, since the reverse DNS lookup can take an arbitrarily long time to complete or can fail. You probably don't want your connections waiting for the reverse lookup.
We could possibly snoop the computername out of, say, the NTLM protocol handshake... but then you're authing.
In fact... I guess my question is, if you have single sign-on, why create such headaches for yourself with assumption / credential rules?
Why not just get your clients to auth? They won't be prompted for a user/pass if you're using NTLM.
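
The DHCP path described in the post above, as an added example that is not part of the original post and is not WinGate's code: a parser that pulls the Host Name option (option 12, RFC 2132) out of a raw DHCP request and pairs it with the client MAC. The function names, the sample MAC and the hostname `ACCOUNTS-PC7` are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker in front of the options
OPT_PAD, OPT_HOSTNAME, OPT_MSG_TYPE, OPT_END = 0, 12, 53, 255

def parse_dhcp_options(packet: bytes) -> dict:
    """Return {option_code: value_bytes} from a raw BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[packet[i]] = value
        i += 2 + length
    return opts

def learn_computername(packet: bytes):
    """Return (client_mac, hostname); hostname is None when option 12 is absent."""
    opts = parse_dhcp_options(packet)
    mac = packet[28:28 + min(packet[2], 16)].hex(":")   # chaddr, hlen bytes
    raw = opts.get(OPT_HOSTNAME, b"").rstrip(b"\x00")
    # Client-supplied and unauthenticated: treat as a label, not an identity.
    return mac, (raw.decode("ascii", errors="replace") if raw else None)

def build_sample_request(mac: bytes, hostname=None) -> bytes:
    """Constructed DHCPREQUEST for the demo (not a captured packet)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, len(mac), 0,
                      0x12345678, 0, 0, b"", b"", b"", b"", mac, b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, 3])                   # 3 = DHCPREQUEST
    if hostname:
        name = hostname.encode("ascii")
        opts += bytes([OPT_HOSTNAME, len(name)]) + name
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])

if __name__ == "__main__":
    pkt = build_sample_request(bytes.fromhex("020000000001"), "ACCOUNTS-PC7")
    print(learn_computername(pkt))
```

A request without option 12 yields `None` for the name, which corresponds to the case in the post where a machine's computername is simply not known from DHCP.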