RE: Authentication question

From: gordonah (gordonah_at_discussions.microsoft.com)
Date: 11/19/04


Date: Fri, 19 Nov 2004 07:45:03 -0800

Mark

No. I've been having a think about this, and I can't think of any way to
force it to check the domain rather than locally first.
One final thought though: when permissioning the data, are you using the
format <domainname>\<username>, or just <username>? Use of the latter would
imply a local account.

Sorry I couldn't be of more help.

Gordon

"Mark Clark" wrote:

> Gordon,
>
> Thanks for your reply. You are exactly correct in your assessment.
> That is how it is working. I added a local account to the member server
> to test and it did in fact let me in automatically, as you said. My
> concern is that I don't want to have to maintain 1) eDirectory accounts,
> 2) Domain accounts (which are created/maintained via DirXML, but it's
> still an account to maintain...), and 3) Local member accounts (which
> are not automatic).
> I'm wondering if there's any way to have the member server "defer" to
> the PDC, or some other way to have the member server look at the AD
> accounts instead of me having to add them locally manually, or even some
> program that could be scheduled that would "push" accounts onto the
> member server from the PDC based on a group membership or something.
> I'm not familiar enough with AD to know if any of this is even possible,
> but I figure it's worth asking.
>
> Mark
>
> In article <952E0A62-80A2-4FF6-877F-D2E8080235CE@microsoft.com>,
> gordonah@discussions.microsoft.com says...
> > Mark
> >
> > just a guess, but as it stands there are three 'account databases' as such;
> > Netware, Active Directory and the MEMBER-SERVER SAM.
> > When the PC accesses the share on PDC-SERVER, the server checks against its
> > account database (the AD as it is a DC), and finds a matching
> > username/password combination. When similar is attempted on MEMBER-SERVER, it
> > checks against its account database and draws a blank, therefore prompts for
> > a username and password. By inputting the username/password combination you
> > are implicitly or explicitly adding the domain association, i.e. DOM\username
> > password.
> >
> > As above, I'm just making this up as I go along, it seems feasible. Although
> > I'm not sure of the underlying authentication mechanics for accessing a share
> > on a member server, this theory could perhaps be tested by adding matching
> > credentials for a local account (in MEMBER-SERVER SAM), and seeing if this
> > grants access.
> >
> > Gordon
> > "Mark Clark" wrote:
> >
> > > As a bit of introduction, we are using Netware 6.5 and ZenWorks 6.5 to
> > > create dynamic local users on our XP machines (they are not in a
> > > domain). We are now trying to set up an Active Directory server in
> > > addition to this. We are using Nsure Identity Manager (DirXML) 2.0 to
> > > synchronize accounts between the NW servers and the AD domain controller
> > > (a Windows 2003 server). This is all working fine.
> > >
> > > From a client machine I can browse to \\PDC-SERVER\C$ with no problems
> > > or dialogs, even though my machine is not in the domain. I can do this
> > > because the account and password matches on both systems (NW & AD), so
> > > the PDC just authenticates me and lets me in automatically (I assume).
> > > This is the desired result. I want logins between the two systems to be
> > > totally seamless (no login dialog) once the user logs into NW.
> > >
> > > The problem: I have just added a member server to the domain. Whenever
> > > I try to browse to this member server via \\MEMBER-SERVER\C$, I am
> > > prompted to log in. If I supply the same username and password as I
> > > have already done to log in initially, the member server will let me in.
> > > However, I need this member server to just figure out that I have the
> > > same userid and password and let me in automatically, just like the PDC
> > > does. I cannot figure out how to get it to do that. Does anyone know
> > > why the PDC will automatically authenticate me while the member server
> > > will not, and how I can modify the member server behavior?
> > >
> > > Thank you!
> > >
> >
>
