we use vpn to corporate then fob access to the labs only, not integrated.
Question, can you not throw a radius server in between the domain and the outside so that inside the authenticate with normal id and when remote, the radius server would use the normal tokens to pass thru to the windows domain?
sorry
daemon