Re: Basic Active Directory Questions
- From: BobT <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 3 Nov 2007 12:26:00 -0700
Austin,
The results are as follows:
DC1 Server
IP address 10.81.20.11
DNS 10.81.20.19
MB1 Server
IP Address 10.81.20.15
DNS 10.81.20.19
Workstation
IP Address 10.4.24.111
DNS 10.81.20.19
The DC1 Server is an AD global catalog.
The DNS address refers to another domain controller server that has a trust to DC1.
Bob
--
BT
"Austin Osuide" wrote:
Hi BobT,
From what you are describing, Kerberos is broke in that environment.
You should be able to single sign on to the share.
Check that DNS is configured correctly on the client Workstation.
Do an ipconfig /all for all 3 boxes and post pls.
Regards,
Austin
"BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8AF0C1C6-147F-4CA8-817F-E7EC8F99167F@xxxxxxxxxxxxxxxx
Well, I'll start over and hopefully explain this scenario in clearer form.
I have domain controller named DC1
I have member server named MB1
I attached member server to DC1 through changing the workgroup on MB1 to attach to domain on DC1.
I then create a share on MB1. The share is configured for group1 that is defined in DC1. File permissions for this share are also for this group with full control.
From a workstation that is logged into DC1 I unc to \\MB1\DownlaodShare which is the shared directory on MB1. When I do this from the workstation I am prompted for login credentials. The user that I am logged into the workstation is a member of group1.
I should be able to access the share without requiring to provide authenticated credentials since I am already logged into DC1.
Someone has told me that there may be a policy that I need to change to allow this?
Thanks,
--
BT
"Paul Bergson [MVP-DS]" wrote:
"I'm not quite sure what you are asking. On the member server I have a share that is for groupA on domainA - member server is attached to domain"
. Which domain does the member server reside in?
"If I try to access member server in unc form \\memberserver\downloads I am prompted for credentials"
. When you are attempting to access the member server, from your workstation, which domain are you attempting to access it from? Are they in different domains?
"If I do the same from the domain server I am not prompted for credentials and the directory displays."
. Domain server and member server should be the exact same thing. What is this you are trying to explain?
I am confused because I don't fully understand what does and doesn't work and where it is happening from. Also what specific permissions are provided, it just isn't clear to me.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8BF02E69-BFA8-42F3-9DAA-0B15E4B7097E@xxxxxxxxxxxxxxxx
Paul, Jorge,
I'm not quite sure what you are asking. On the member server I have a share that is for groupA on domainA - member server is attached to domain.
If I try to access member server in unc form \\memberserver\downloads I am prompted for credentials. If I do the same from the domain server I am not prompted for credentials and the directory displays. The workstation that I try this from is attached to the domain.
Bob
--
BT
"Paul Bergson [MVP-DS]" wrote:
I think what Jorge would like to know is
Share A = domaina\group1 change
NTFS = domaina\group1 read
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EBF4F450-CD3C-4303-8347-D2618B166411@xxxxxxxxxxxxxxxx
In this previous example, I have a simple share setup on a folder with a couple of files in it. The Folder permissions include sample group a, the ntfs file permissions within this folder include sample group a. When trying to access share via unc I am requested for credentials, whereas if I unc to the domain I am not.
--
BT
"Jorge Silva" wrote:
Can you tell the Share Permissions and NTFS permissions?
--
===================================
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
===================================
"BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7530022E-F40F-4CC6-899E-CFBE9BE68C88@xxxxxxxxxxxxxxxx
Well we still seem to have a problem. I have Server 1 which is a PDC. I have server 2 no AD installed. I attach Server 2 to domain 1. I have an existing group on DC. On Server 2 I share a directory to this group on domain 1. When creating share it asks for domain credentials which I use domain administrator. I setup the share and now users in this group on server 1 should have access to this share created on server 2.
When user from workstation tries to access server 2, they get a login screen. If I go to server 1 and as admin try to access the share all is fine.
What problem is not allowing the users to authenticate properly to server 2 when they are a member of group on DC that server 2 has a share defined to allow that group access?
Thanks,
Bob
--
BT
"Jorge Silva" wrote:
Hi
As Paul said you don't need to make that member server a DC to use Domain credentials.
It is up to you to define the correct permissions on the shares, so that users can access them using their domain credentials.
--
===================================
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
===================================
"BobT" <BobT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1EA2DFFD-B20F-4B50-8DCA-94B155E78E42@xxxxxxxxxxxxxxxx
We have an environment of Windows 2000 Servers which are using active directory. Typically when we get a new server we add it to the domain so as to provide centralized access. We now have a Windows 2003 server. There is a preference to not install active directory on this server. It has been attached as a computer to our domain controller.
We now find that to authenticate for resources from domain controller we are using a net use command to map drives and provide login credentials. One person's position is that domain permissions should filter down to this server.
My understanding is that this server needs to join the active domain tree as a secondary controller to participate in permissions granted, etc.
What is best practice with multiple servers in an active directory environment? Can you treat or should you treat an additional server as a workstation and just attach it to the domain controller?
Thanks,
Bob
--
BT