Re: Yet another: The account is not authorized to log in from this station

Hi
I think you need to change the Level of LM authentication on the domain
controller
Please check http://support.microsoft.com/kb/823659 (Point # 10)

I would recommend you to bring down LM authentication level Down one
step at a time and see what works.
I think it should work at level 3 (Send NTLMv2 response only)

Regards
Joshua Mally


Max wrote:
Hi,

My set-up is as follows:

W2K Server: Domain Controller
W2K Workstations (OK, no problems)
XP Workstations (OK, no problems)
Win 98SE (OK, no problems)

I can access the fileshares in the server from all workstations and also fileshares in W2K and XP workstations
from the server. But I cannot access fileshares in Win98SE from the Server. The error reads:

"The account is not authorized to log in from this station"

This is my policy setup:

Windows 2000 Server DC

Domain Controller Security Policy

Digitally sign client communication (always) Not defined
Digitally sign client communication (when possible) Not defined
Digitally sign Server communication (always) Not defined
Digitally sign server communication (when possible) Enabled

Domain Security Policy

Digitally sign client communication (always) Not defined
Digitally sign client communication (when possible) Not defined
Digitally sign Server communication (always) Not defined
Digitally sign server communication (when possible) Enabled


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\enablesecuritysignature = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\requiresecuritysignature = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\enablesecuritysignature = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\requiresecuritysignature = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\enableplaintextpassword = 0

Windows 98SE - configured as per http://support.microsoft.com/kb/887429

Configuring SMB signing in Windows 98

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VNetsup
Add the following two registry values to this registry subkey:

Value Name: EnableSecuritySignature
Data Type: REG_DWORD
Data: 0 (disable), 1 (enable)

Note The default value in Windows 98 is 1 (enable). <---

Value Name: RequireSecuritySignature
Data Type: REG_DWORD
Data: 0 (disable), 1 (enable)

Note The default value in Windows 98 is 0 (disabled). <---


What am I doing wrong?

Tx!
Tim

.

Relevant Pages

  • Re: Workstation resolves IP of RAC instead of ethernet IP
    ... Joel commented ... > In the process of trying to connect xp workstations to ... > DNS entries for the domain controller include the IP ...
    (microsoft.public.win2000.dns)
  • Re: Logging in interactively
    ... By default users can logon to all domain computers except domain ... When you check the Local Security Policy be sure to look at the ... Controller Security Policy would have to be modified as those user rights ...
    (microsoft.public.win2000.security)
  • Re: Windows 2000 users accounts get locked out
    ... > These failed logons ... >>account logon events enabled in Domain Security Policy ... > and Domain Controller ...
    (microsoft.public.win2000.security)
  • Re: joining a computer to a domain
    ... controller ou and not the domain level. ... > Security Policy for it to take effect in the domain. ... >>> administrative account on their own machine and a valid account in ... >>> I had always been under the impression that a domain administrator ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2000 users accounts get locked out
    ... be "Domain Security Policy" in a default installation - it will NOT work if you do it ... Have you found any failed logon event ID's on any domain computer? ... Have you had a chance to run netdiag and dcdiag on the domain controller and netdiag ...
    (microsoft.public.win2000.security)
Quantcast