Re: Basic Active Directory Questions



Hi BobT,
From what you are describing, Kerberos is broke in that environment.
You should be able to single sign on to the share.

Check that DNS is configured correctly on the client Workstation.
Do an ipconfig /all for all 3 boxes and post pls.

Regards,

Austin

"BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:8AF0C1C6-147F-4CA8-817F-E7EC8F99167F@xxxxxxxxxxxxxxxx
Well, I'll start over and hopefully explain this scenario in clearer form.

I have domain controller named DC1

I have member server named MB1

I attached member server to DC1 through changing the workgroup on MB1 to
attach to domain on DC1.

I then create a share on MB1. The share is configured for group1 that is
defined in DC1. File permissions for this share are also for this group with
full control.

From a workstation that is logged into DC1 I unc to \\MB1\DownlaodShare
which is the shared directory on MB1. When I do this from the workstation I
am prompted for login credentials. The user that I am logged into the
workstation is a member of group1.

I should be able to access the share without requiring to provide
authenticated credentials since I am already logged into DC1.

Someone has told me that there may be a policy that I need to change to
allow this?

Thanks,

--
BT


"Paul Bergson [MVP-DS]" wrote:

"I'm not quite sure what you are asking. On the member server I have a
share that is for groupA on domainA - member server is attached to domain"
. Which domain does the member server reside in?

"If I try to access member server in unc form \\memberserver\downloads I am
prompted for credentials"
. When you are attempting to access the member server, from your
workstation, which domain are you attempting to access it from? Are they in
different domains?

" If I do the same from the domain server I am not prompted for credentials
and the directory displays."
. Domain server and member server should be the exact same thing. What is
this you are trying to explain?

I am confused because I don't fully understand what does and doesn't work
and where it is happening from. Also what specific permissions are
provided, it just isn't clear to me.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8BF02E69-BFA8-42F3-9DAA-0B15E4B7097E@xxxxxxxxxxxxxxxx
> Paul, Jorge,
>
> I'm not quite sure what you are asking. On the member server I have a share
> that is for groupA on domainA - member server is attached to domain.
>
> If I try to access member server in unc form \\memberserver\downloads
> I am prompted for credentials. If I do the same from the domain server I am
> not prompted for credentials and the directory displays. The workstation
> that I try this from is attached to the domain.
>
> Bob
>
> --
> BT
>
>
> "Paul Bergson [MVP-DS]" wrote:
>
>> I think what Jorge would like to know is
>>
>> Share A = domaina\group1 change
>> NTFS = domaina\group1 read
>>
>>
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:EBF4F450-CD3C-4303-8347-D2618B166411@xxxxxxxxxxxxxxxx
>> > In this previous example, I have a simple share setup on a folder with a
>> > couple of files in it. The Folder permissions include sample group a, the
>> > ntfs file permissions within this folder include sample group a. When trying
>> > to access share via unc I am requested for credentials, whereas if I unc to
>> > the domain I am not.
>> >
>> >
>> > --
>> > BT
>> >
>> >
>> > "Jorge Silva" wrote:
>> >
>> >> Can you tell the Share Permissions and NTFS permissions ?
>> >>
>> >> --
>> >> ===================================
>> >> I hope that the information above helps you.
>> >> Have a Nice day.
>> >>
>> >> Jorge Silva
>> >> MCSE, MVP Directory Services
>> >> ===================================
>> >>
>> >> "BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:7530022E-F40F-4CC6-899E-CFBE9BE68C88@xxxxxxxxxxxxxxxx
>> >> > Well we still seem to have a problem. I have Server 1 which is a PDC. I
>> >> > have server 2 no AD installed. I attach Server 2 to domain 1. I have an
>> >> > existing group on DC. On Server 2 I share a directory to this group on
>> >> > domain 1. When creating share it asks for domain credentials which I use
>> >> > domain administrator. I setup the share and now users in this group on
>> >> > server 1 should have access to this share created on server 2.
>> >> >
>> >> > When user from workstation tries to access server 2, they get a login
>> >> > screen. If I go to server 1 and as admin try to access the share all is
>> >> > fine.
>> >> >
>> >> > What problem is not allowing the users to authenticate properly to server 2
>> >> > when they are a member of group on DC that server 2 has a share defined to
>> >> > allow that group access.
>> >> >
>> >> > Thanks,
>> >> > Bob
>> >> >
>> >> > --
>> >> > BT
>> >> >
>> >> >
>> >> > "Jorge Silva" wrote:
>> >> >
>> >> >> Hi
>> >> >> As Paul said you don't need to make that member server a DC to use Domain
>> >> >> credentials.
>> >> >> It is up to you to define the correct permissions on the shares, so that users
>> >> >> can access them using their domain credentials.
>> >> >>
>> >> >> --
>> >> >> ===================================
>> >> >> I hope that the information above helps you.
>> >> >> Have a Nice day.
>> >> >>
>> >> >> Jorge Silva
>> >> >> MCSE, MVP Directory Services
>> >> >> ===================================
>> >> >>
>> >> >> "BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:1EA2DFFD-B20F-4B50-8DCA-94B155E78E42@xxxxxxxxxxxxxxxx
>> >> >> > We have an environment of Windows 2000 Servers which are using active
>> >> >> > directory. Typically when we get a new server we add it to the domain so as
>> >> >> > to provide centralized access. We now have a Windows 2003 server. There is
>> >> >> > a preference to not install active directory on this server. It has been
>> >> >> > attached as a computer to our domain controller.
>> >> >> >
>> >> >> > We now find that to authenticate for resources from domain controller we
>> >> >> > are using a net use command to map drives and provide login credentials. One
>> >> >> > person's position is that domain permissions should filter down to this
>> >> >> > server.
>> >> >> >
>> >> >> > My understanding is that this server needs to join the active domain tree as
>> >> >> > a secondary controller to participate in permissions granted, etc.
>> >> >> >
>> >> >> > What is best practice with multiple servers in an active directory
>> >> >> > environment. Can you treat or should you treat an additional server as a
>> >> >> > workstation and just attach it to the domain controller?
>> >> >> >
>> >> >> > Thanks,
>> >> >> > Bob
>> >> >> >
>> >> >> > --
>> >> >> > BT
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>



