User authorisation

Hi All

Is there a way or authorising users that do not logon to a
DC, to be able to access folders on a member server? The
reason for this is that I have just demoted a DC to a
member server that holds the user areas, laptops that do
not logon to the domain were able to access the shares
because the server was a DC. Other than adding each user
as a local user, setting up a trust for each Laptop or
moving the user areas to a DC and remaping the drives.
What else could I try?

Hope I've explained the problem in a way someone can
understand.

Thanks in advance

Alex Hart

 

Hi Alex,

Sure there is. Client's don't have to be members of domain to access
resources on other domain members, but they will need appropriate
permissions on drives or you will have to allow anonymous access (not
recommended for security reasons)...

When you e.g. go to shared folder e.g. \\file_server\share_data and you get
prompted for access under username enter:

domain\username

and under password enter password for username. Replace "domain" part with
NetBIOS name of domain. If you have any more questions, feel free to ask
.

I hope this helps,

Mike

 

Hi Mike

Thanks for the help but it doesnt seem to like that.
It appears as if it can not authorise the user for some
reason.

Alex

\\file_server\share_data and you get

 

Alex,

Do you get a windows asking for authentication? Do you use domain user to
authenticate? Can you use some other user (e.g. administrator) just for
testing, so that we know that it is not a permission issue?

Can you check System and Application logs on client PC and logs on DC?

Mike

 

Hi Mike
Yes I do get a indows asking for authentication, after
trying different usernames and passwords I've determind
that the member server only accepts a local logon(on the
member server).
This is what appears in the workstation Application event
log when it is un able to authorise.

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 20/08/2004
Time: 12:41:27
User: N/A
Computer: Workstation1
Description:
Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

When the member server's local admin account username and
password is entered, access is granted.

this could be a normal function of windows server 2003 but
is ther a way to authenticate the user against the AD
without having to attach the computer to the domain?

thanks
Alex Hart

 

Alex,

Can you try and access another workstation that is member of domain -- from
computer that is not part of domain. E.g.

\\workstation\c$ and use domain administrator account to authenticate. Try
also with domain\administrator . Any luck?

Is there anything in the log of member server?

Do you have CA server deployed in your domain? Is this PC from other domain
or is it part of workgroup. Can you also try this from some other PC.

Another thing would be to try and use local account that exist on member
server. Instead of domain\administrator you could use
server_name\administrator and enter password for local administrator.

Mike