Re: Client need to key in credential to access shared folder
From: jeremy202 (jeremy202_at_discussions.microsoft.com)
Date: 07/08/04
- Next message: sarfaraz: "Re: Monitoring Users"
- Previous message: Jasper Rowe: "WAN Traffic with Windows AD"
- In reply to: Herb Martin: "Re: Client need to key in credential to access shared folder"
- Next in thread: Herb Martin: "Re: Client need to key in credential to access shared folder"
- Reply: Herb Martin: "Re: Client need to key in credential to access shared folder"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 7 Jul 2004 20:39:01 -0700
Q : How are they "connected" or mapped to each other?
Ans: They are connected thru WAN Link.
We have even try to open all services bet the two domain to check it is the firewall that blocking the ports but the problem still persist.
The ports bet Client and DC have already been open up.
The actual problem we have is when client at domain A connect to client at domain B, it prompt the user(domain A) to input credential before client A can view the share folder. The share folder at client B is share to everyone. Then We try to use "net view" at the command line, "net view client ip address" can view the share but "net view client hostname" it prompt "access denied".
"Herb Martin" wrote:
> "jeremy202" <jeremy202@discussions.microsoft.com> wrote in message
> news:F2A059C0-39A4-4145-A5CD-074D5EF31125@microsoft.com...
> > All my client and server have already specified their own internal DNS
> server. We have check thru all our DNS setting and the client can resolve
> the other domain client IP address.
> >
> > Currently the two domains (A & B) are in different location separated by 2
> firewall on each side.
>
> How are they "connected" or mapped to each other?
>
> > We have confirmed that all appropriate ports have been open up..
>
> Saying "all appropriate" does NOT let us help you.
>
> Depending on how they are connected you will need UDP Port 53
> AND TCP Port 53 from all possible requested to and from all
> possible responders.
>
> > Previously domain A in on NT4 and we upgrade it to win2k advance server &
> join to a existing forest which has only domain B (Win2k server). So Domain
> B is the root domain of the forest. As both the domains are in the same
> forest they have transitive trust created between the two domain
> automatically when domain A join the domain B forest.
>
> Yes.
>
> > Currently now we still have no clue that this cause by DNS or the client
> itself ?? We are still troubleshooting the problem.
>
> You don't seem to mention a problem.
>
> One would expect that you IF you need to communicate between
> these two that each DNS server on A, is also holding a "secondary"
> for B; and vice versa.
>
> If you do this, then the network addresses returned must also be
> routable.
>
> If the trusts are going to work then after the DNS is correct you
> must open the ports between DCs and their clients.
>
> If you want "other services" to work after the trust, then you have
> to open for those services too.
>
> --
> Herb Martin
>
>
> >
> >
> > "Herb Martin" wrote:
> >
> > > "jeremy202" <jeremy202@discussions.microsoft.com> wrote in message
> > > news:14D559B4-21F8-4A24-BE99-0CFBF9AB2671@microsoft.com...
> > > > Hi Herb Martin,
> > > >
> > > > All my users logon to Domain account instead of their PC local
> account. My
> > > Win98 users does not have this problem. Only XP & Win2k have this issue.
> > > >
> > > > "Herb Martin" wrote:
> > > >
> > > > > Users need to logon to a DOMAIN account instead of
> > > > > their older "machine local accounts."
> > >
> > > Ok, then your "server" needs to be in the domain.
> > >
> > > If both of those are true and you are still getting authentication
> > > challenges you have a DND problem.
> > >
> > > For AD, DNS Server must be internal, DYNAMIC for the zone
> > > supporting AD.
> > >
> > > ALL clients must specify SOLELY this internal, dynamic DNS
> > > server (group) in their NIC properties.
> > >
> > > Servers, DNS and DCs too, are also DNS clients so they must
> > > do this also.
> > >
> > > If you change anything related to the DC(s) you must restart the
> > > NetLogon process on that/those DCs.
> > >
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > > >
> > > > > --
> > > > > Herb Martin
> > > > >
> > > > >
> > > > > "Jeremy202" <Jeremy202@discussions.microsoft.com> wrote in message
> > > > > news:E1C5E7D2-013F-4AF5-9777-3AB6FA59F4F4@microsoft.com...
> > > > > > Hi Guys,
> > > > > >
> > > > > > Recently I have upgraded my existing NT4 domain to Win2k active
> > > directory
> > > > > using in-place-upgrade. Then join the upgraded Win2k domain to an
> > > existing
> > > > > forest (win2k).
> > > > > >
> > > > > > Everything was ok except when my client (XP) need to access shared
> > > folder
> > > > > from the other client (XP) in a different domain but in the same
> forest
> > > need
> > > > > to input the credential like username & password before he can view
> the
> > > > > shared folders. Both the domains have transitive trust bet them
> already.
> > > > > "net view" using ip add no problem. "net view" using pc name "access
> > > > > denied".
> > > > > >
> > > > > > Any ideas ,guys ???? Thanks in advance
> > > > > >
> > > > > > Jeremy
> > > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
>
>
>
- Next message: sarfaraz: "Re: Monitoring Users"
- Previous message: Jasper Rowe: "WAN Traffic with Windows AD"
- In reply to: Herb Martin: "Re: Client need to key in credential to access shared folder"
- Next in thread: Herb Martin: "Re: Client need to key in credential to access shared folder"
- Reply: Herb Martin: "Re: Client need to key in credential to access shared folder"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
