Discussion in 'Active Directory' started by simon, Aug 30, 2005.

    simon Guest

    Here's the scenario:

    -Member server and a non domain member workstation.
    -On workstation, the username is the same as a domain account.


    When accessing a share on the member server, the user is prompted to enter
    their username and pw. To validate, they must use domain\username +

    When accessing a share on a DC, the user is not prompted and validated

    Other than joining the machine to the domain, is there another way to resolve
    the problem? Have I set something up wrong on the member server?

    Thanks in advance,

    simon, Aug 30, 2005
  2. In
    Something wrong on the member server or the non-member? From what I surmise
    from your post, I believe the problem you are speaking of is the non-member
    trying to access a share on the DC? If so, check the share permissions.
    Everyone = R is default on 2003.

    Also, you may want to disable "MS Network Server: Sign Always" in the DC's
    Domain Controller Policy. This setting will prevent communication with


    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    Ace Fekay [MVP], Aug 31, 2005
    simon Guest


    Perhaps I didn't explain the problem very well. When a user on a non-domain
    workstation, using a username and password that exists in the domain, tries
    to access a member server, they're prompted to login and they must use
    domainname\username & password. If they attempt to connect to a DC, they're
    not prompted and allowed in since they're using a domain account.

    Thanks again,

    simon, Aug 31, 2005
  4. Ace,
    (as I mentioned, I'm posting the email
    It seems the member server is trying to authenticate against its local SAM
    database where the account doesn't exist, and not against the AD database.
    The DC apparently is using the AD database and since the user account name
    is the same with the same pwd, it's allowing it in.

    Is there a setting on a GPO? You mean the local GPO? Keep in mind, how would
    a workstation NOT joined to a domain utilize a domain GPO?

    There is a local GPO that can be accessed by typing in gpedit.msc, but the
    default settings in there are set low enough to allow communication.

    The only setting I can think of would be that setting I previously posted on
    a DC, but that allows communication to a DC. If it's not a member, it can't
    participate in domain security or config settings.

    I'm going to post this response in the newsgroup under your thread as well
    so others can either benefit or comment on, if someone else has anything to

    Ace Fekay [MVP], Aug 31, 2005
