Announcement

Collapse
No announcement yet.

authenticate users of MAP network drive

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • authenticate users of MAP network drive

    Hi we have file server , all workstation at workgroup when users try to make network map drive for spesific share at file server, authentication must like the form domainname\username and password, i want users to type username with out the domain name prefix can i do like this and how file server redirect authentication to AD auto !!our old file server had AD role installed , so problem had not apprear before.
    Last edited by abdalla; 22nd June 2009, 16:30.

  • #2
    Re: authenticate users of MAP network drive

    If I'm understanding your question correctly, all your workstations belong to a work group, and are trying to authenticate to a fileshare on a domain controller.

    So the users are being prompted for authentication and need to use domain\username. instead of just username.

    The solution to your issue is to ensure your active directory is properly set up, then join all the workstations to the domain, and ensure all the users have domain accounts to logon to windows. then they shouldn't be prompted for passwords at all.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: authenticate users of MAP network drive

      Hi all

      first thank you tehcamel

      second all workstations belong to a work group that is right and by the way DNS setting of workstations are blank .

      clients are trying to authenticate to a fileshare on a File server (which is member of mydomain).

      and to successful access the share they must authenticate as mydomain\user1 as an example (user1 is an account at mydomain)

      i need clients to type user1 only not mydomain\user1 to gain access to shared files

      as i know when try to authenticate with out typing mydomain first, this mean that authentication point to local users of file server no with domain users and this is logic

      and while user1 are not local account at file server authentication fail, only authentication successful when type mydomain\user1

      i need to teach file server to authenticate any incomming request related to domain users and never look to local users

      any idea will help
      thanks all

      Comment


      • #4
        Re: authenticate users of MAP network drive

        any ideas !!!

        Comment


        • #5
          Re: authenticate users of MAP network drive

          join the workstations to the domain.

          What reason is there for not having the workstations on the domain ?
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: authenticate users of MAP network drive

            This is customer Environment, what can i do!!!

            Comment


            • #7
              Re: authenticate users of MAP network drive

              The only way to make this work without joining the workstations to the domain is to create user accounts on the server that match the user accounts on the workstations with the same password. For instance:

              Workstation:
              username = JohnDoe
              password = Pa$$Word

              Server:
              username = JohnDoe
              password = Pa$$Word

              You'll have to do this for every user using the username they log on to the workstations with. If a user changes their password on the workstation you'll need to change it on the server.

              Comment


              • #8
                Re: authenticate users of MAP network drive

                Originally posted by abdalla View Post
                This is customer Environment, what can i do!!!
                Find a better customer

                Seriously, establish why they won't join workstations to AD and persuade them it is the best thing to do!
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: authenticate users of MAP network drive

                  Originally posted by joeqwerty View Post
                  The only way to make this work without joining the workstations to the domain is to create user accounts on the server that match the user accounts on the workstations with the same password
                  yes joeqwerty, but is i have more than 200 users, what can i do
                  is there any tool/script to read AD user account and create them local users?
                  and if so i think it can't copy passwords, and no server can hold this huge number users account.

                  Comment


                  • #10
                    Re: authenticate users of MAP network drive

                    1. I'm not aware of any tool that can do this.

                    2. You'll need to ask each user for their password so that you can set it on the user account on the server when you create them.

                    3. 200 users is not a lot and the server will have no problem with this number of users.

                    4. AFAIK, this is your only option for making this work. Continuing to ask for something that doesn't exist will not make it "come into being".

                    Sometimes work is hard and you just need to put your head down and do what needs to be done. This will take you awhile but there aren't any other options for you unless you join the workstations to the domain.

                    Comment


                    • #11
                      Re: authenticate users of MAP network drive

                      thanks joeqwerty for fast response but i have another Q,

                      Suppose that specific permission assigned to domain\user1, do you think that local\user1 will have the same permission that is assigned to domain\user1

                      i think that they are different 2 users with different SID with different Permission

                      please advice

                      Comment


                      • #12
                        Re: authenticate users of MAP network drive

                        I'm not sure. You'll have to tes it with one user first and if not then you'll have to set the permissions on the folders for the local users you create in the server. I know, it's a lot of work but I don't see any other way to do it.

                        Comment


                        • #13
                          Re: authenticate users of MAP network drive

                          Originally posted by abdalla View Post
                          thanks joeqwerty for fast response but i have another Q,

                          Suppose that specific permission assigned to domain\user1, do you think that local\user1 will have the same permission that is assigned to domain\user1

                          i think that they are different 2 users with different SID with different Permission

                          please advice
                          yes, they will be different SIDs and so normally that would not work. I know that my local "tehcamel" account on my personal, non-domain laptop, does not have access to domain resources, unless I specifically give it the domain authentication... even though they have the same passwords..

                          What I would do in your situation, is find out why the workstations are in workgroup mode - thye may have a valid logical business reason, however they may have just previoulsy been setup by a bad contractor.... then, draft an option document to your client, telling them what your research has identified... and suggesting two paths forward.

                          The first, would be to join all the workstations to the domain.. and inclusive in this option, you would tell them why this is a good idea (domain level security, patch management, policy control, better dns/network configuration etc)

                          The second option would be as mentoioned by joeqerty - that is, tell them you need to create an account for each user that has a local account. explain to them that you will need every users password, and you will need to create each account manually, and reassign all permissions accordingly. Ensure you tell them how long you expect this to take, and what it will cost and how that cost compares to simply joining workstations to a domain....
                          Also explain to them that with htis scenario, every time someone changes their local password, they will need to speak to you to change it on the domain as well.. explain how managing two sets of accounts results in double the time required to perform the same task..

                          option 3.. find a new client ? :P
                          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                          Comment


                          • #14
                            Re: authenticate users of MAP network drive

                            Great advice tehcamel. I didn't want to dig into all the issues you brought up as several others had taken that track with the OP to no avail. You summarized it very succintly and hopefully that will be the impetus for the OP to pushback on the client to do what's best.

                            Comment


                            • #15
                              Re: authenticate users of MAP network drive

                              thnaks joeqwerty and tehcamel for your advice

                              i know that this issue related to bad design .
                              i was tring to overcome this issue

                              finaly,, there is no solution rather that type: domain\user, this is the easiest way

                              thanks again

                              Comment

                              Working...
                              X