Re: Authentication woes

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: Meinolf Weber
• Date: Thu, 25 Sep 2008 18:53:15 +0000 (UTC)

---

Hello Jon,

Please post an unedited ipconfig /all from both machines. See also inline.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I have users who are having trouble accessing resources and synching
passwords.

User (winXP sp3) is on network 192.168.168.0/24
DC (win2k3 sp2) is on network 10.1.115.0/24
Both networks are fully routed no ACLs.
User account and laptop account are members of the domain/ AD forest.

DHCP server belongs to a different domain, but custom DNS suffix
search list is in place.

When user logs into laptop user has to use a cached password (as if
the laptop is unable to contact the DC). However when browsing (or
printing) from that DC user is prompted for credentials at which point
user must enter domain\username and password on DC (not cached laptop
password). Given the correct credentials user can browse the DC's
shares and print to it's shared printers.

1) Why is user being challenged for credentials - shouldn't XP laptop
know that credentials are out of synch and notify user with a tray
icon?

If the user logon with cached credentials, there is on additional check or bypassing the account infos to the DC's when you connect to it.

2) If laptop is in the domain/ ad forest why must user specify them
when accessing the DC?

Which way of access do you mean? Logon to the server dircetly or logon with the client in the domain?

3) Why doesn't laptop authenticate to the DC by default instead od
using cached credentials?

If you are on the network where the DC is located and you logon with cached credentials, then it seems that there is no good connectivity.
Another reason for the ipconfig /all from the beginning.


.

---

• Follow-Ups:
  • Re: Authentication woes
    • From: Jon Bakersfield

• References:
  • Authentication woes
    • From: Jon Bakersfield

• Prev by Date: Re: Stop Active Directory Services
• Next by Date: Re: group membership to allow joining domain
• Previous by thread: Authentication woes
• Next by thread: Re: Authentication woes
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: How to change password? ... No he will not be able to logon with cached credentials unless he knows the ... still allow him access to the domain through the VPN not being able to logon ... use a local admin account to get into the laptop and is able to connect to ... (microsoft.public.windowsxp.security_admin) Re: Remote User Needs to Change PWD without connecting to domain ... The maximum number for cached logons is for Domain accounts only. ... there is no concept of "cached credentials" for those accounts. ... Unless the number is changed from the default, only the last 10 accounts to logon while ... I suspect that a better alternative (than having everyone logon to the laptop ... (microsoft.public.win2000.security) Cached credentials. ... I have a user unable to logon to his laptop with cached credentials. ... Using XP SP2 on a new Dell ... (microsoft.public.windowsxp.security_admin) Re: Prompted for credentials. Invalid ticket? ... cached credentials in the protected storage. ... This is the cause of the logon failures the remote ... the AutoUpdate service in the McAfee Anti-Virus software that affects the ... (microsoft.public.windows.server.sbs) Re: Cannot connect to computer not joined to domain ... (cached credentials). ... credentials cannot be checked and does not present me a login-dialog. ... > Hi Erik, ... > explains why it's looking for a DC during the logon ... (microsoft.public.win2000.networking)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2008-09