Announcement

Collapse
No announcement yet.

cannot access member server from non-domain computer

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • cannot access member server from non-domain computer

    I did a new install of 2003 server and made it the sole DC (for now) of
    a new forest and domain. I did another new install of 2003 server and
    joined it to the new domain as a member server. I created a test file
    share on each server (the DC and the member server). The two shares
    have identical filesystem and share permissions. Both file shares work
    normally from a workstation that has been joined to the domain.

    However, when I use a workstation that is NOT yet part of the domain, I
    can only access the share on the DC. Trying to access the share on the
    member server results in continuous prompts for credentials.

    - I am using a local account on the non-domain-member workstation
    who's user/pass is identical to that of a valid domain user.
    - The non-domain workstation has the netbios version of the domain
    name set for its workgroup membership.
    - I can log in using the user/pass to the local console of the member
    server, so that tells me the member server is getting the needed AD
    info.
    - I have not yet raised the domain or forest functional levels.

    I'm guessing there is a setting in the 'Default Domain Controller' gpo
    that allows non-domain computers to connect using NTLM. Unfortunately I
    can't find the right security setting. I even tried linking that gpo
    against the member server, but I still couldn't connect to it.

    We've already rescheduled our deployment of Windows 2003 (migrating
    from Netware) once due to this problem, and I think I've exhausted all
    my ideas to solve it. I hope somebody out there knows which knob to
    twist.

    Thanks in advance!

  • #2
    Re: cannot access member server from non-domain computer

    when you try and access the file from the pc and are prompted for the uname and pasword, are you entering the credintials using domain\username then password?

    Comment


    • #3
      Re: cannot access member server from non-domain computer

      > are you entering the credintials using domain\username then password?

      Yes, I've tried it both that way, and with just the plain username.

      When I access an identically configured share on the DC, I'm not even prompted for credentials. The workstation automatically gives the server the local user/pass I'm logged in with, the DC takes it, and all is well. The thing that baffles me is the difference in behavior between a share on the DC versus a share on a member server. That's what made me think it's a GPO policy somewhere, but I sure can't find it.

      Comment


      • #4
        Re: cannot access member server from non-domain computer

        dt

        I'm not sure its a gpo, but to prove it u could create a new ou and block policy inheritance to it. move the member server into that ou and make sure no policy is applied. I'd also try creating a different user a/c on the dc and trying to access it with those credentials.

        Jem

        Comment


        • #5
          Re: cannot access member server from non-domain computer

          > not sure its a gpo, but to prove it u could create a new ou and block policy inheritance

          Now *that* is a good idea. I will try it and report back. Thanks!

          Comment


          • #6
            Re: cannot access member server from non-domain computer

            > not sure its a gpo, but to prove it u could create a new ou
            > and block policy inheritance

            Tried it, but it didn't help. However, I did find something else.

            I swear I already tried this, but today, when prompted for credentials after accessing the member server, I used 'domain\user' instead of just 'user', and it worked! I sure thought I tried that before. Fortunately this appears to be a one time complication... if I check 'save password' the credentials prompt does not return.

            It still seems strange that the DC doesn't need 'domain\user' and the member server does, but at least now the migration can go forward this weekend.

            Comment


            • #7
              Re: cannot access member server from non-domain computer

              nice one. let us knowhow the migration goes.

              Comment

              Working...
              X