Auth problem with WinXp client and 2000 AD user if logged-..

Archived from groups: microsoft.public.win2000.active_directory

Hi,
I want to protect all my servers from the Internet and for filesharing/samba
(port 139 & 445) I want to use an SSL tunnel that redirects this traffic to
the actual server. It all works good for Windows 98, NT and 2k but doesn't
work for Windows XP (for 2k/2003 Server as backend) but works for NT
server with XP client.

We did put a workaround for the local 139/445 port also. Now the real issue is
that when we are logging into the XP machine with cached credentials (i.e. PDC is
not accessible) then:

1. It prompts for the U/P in an NTLM dialog box (it happens only on XP).
2. If I enter my U/P as the one used for the logon then I get an error ("bad
credential same U/P was used for logon).
3. If I enter another domain U/P then I get different errors like ("No
authentication server available", "Unable to connect to Network", "You don't
have permission" etc....) on XP only.

Whereas if I follow the traffic then I see that actual fileserver has
received the data and sent back the error over the tunnel. Any help in this
regard is highly appreciated.

Note: We are opening only HTTP/HTTPS no other protocol for the communication
and tunneling the port 139/445 only for file sharing.


Thanks,
Ashok
 

When using XP to a 2003 server or 2000 SP4, the server does SMB signing
which can interfere with connections like this. It will also add about a
20% overhead to SMB connections. While this is not something that you'll
normally notice too much on a fast network, applications with a lot of SMB
traffic or through a tunnel can be affected.

There is a registry edit on the server that will stop this. Search the KB
for how to turn off the requirement to use SMB signing if available.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Ashok Mishra" <akmishra@safenet-inc.com> wrote in message
news:%239tn4Qm$EHA.2016@TK2MSFTNGP15.phx.gbl...
> Hi,
> I want to protect all my servers from the Internet and for filesharing/samba
> (port 139 & 445) I want to use an SSL tunnel that redirects this traffic to
> the actual server. It all works good for Windows 98, NT and 2k but doesn't
> work for Windows XP (for 2k/2003 Server as backend) but works for NT
> server with XP client.
>
> We did put a workaround for the local 139/445 port also. Now the real issue is
> that when we are logging into the XP machine with cached credentials (i.e. PDC is
> not accessible) then:
>
> 1. It prompts for the U/P in an NTLM dialog box (it happens only on XP).
> 2. If I enter my U/P as the one used for the logon then I get an error ("bad
> credential same U/P was used for logon).
> 3. If I enter another domain U/P then I get different errors like ("No
> authentication server available", "Unable to connect to Network", "You don't
> have permission" etc....) on XP only.
>
> Whereas if I follow the traffic then I see that actual fileserver has
> received the data and sent back the error over the tunnel. Any help in this
> regard is highly appreciated.
>
> Note: We are opening only HTTP/HTTPS no other protocol for the communication
> and tunneling the port 139/445 only for file sharing.
>
> Thanks,
> Ashok
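Added example, not part of the original thread: when following the tunnelled traffic as described above, the server's SMB1 Negotiate response shows whether it advertises SMB signing as enabled or required. The Python below reads those two SecurityMode bits; the function names and the sample frame are constructed for illustration, and the offsets assume the SMB1 NT LM 0.12 response layout.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
FLAGS_REPLY = 0x80        # SMB header Flags: message is a server response
SIGNING_ENABLED = 0x04    # SecurityMode: server supports signing
SIGNING_REQUIRED = 0x08   # SecurityMode: server requires signing


def negotiate_signing(frame: bytes):
    """Return (enabled, required) from an SMB1 Negotiate response, else None.

    `frame` is one message as seen on TCP 139/445: a 4-byte session
    header (type byte + 3-byte length) followed by the SMB1 message.
    """
    if len(frame) < 4 + 36:
        return None
    length = int.from_bytes(frame[1:4], "big")
    smb = frame[4:4 + length]
    if len(smb) < 36 or smb[:4] != SMB1_MAGIC:
        return None                     # truncated, or not SMB1 (e.g. SMB2)
    command, flags = smb[4], smb[9]
    if command != SMB_COM_NEGOTIATE or not flags & FLAGS_REPLY:
        return None                     # not a Negotiate response
    if smb[32] != 17:                   # WordCount 17 = NT LM 0.12 layout
        return None
    # Parameter words start at offset 33: DialectIndex (2), SecurityMode (1)
    _dialect_index, mode = struct.unpack_from("<HB", smb, 33)
    return bool(mode & SIGNING_ENABLED), bool(mode & SIGNING_REQUIRED)


def build_sample(security_mode: int, reply: bool = True) -> bytes:
    """Constructed Negotiate message for the demo (not a real capture)."""
    flags = FLAGS_REPLY if reply else 0
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 4
    header += bytes([flags]) + b"\x00" * 22          # Flags2 and remaining fields
    params = struct.pack("<HB", 5, security_mode) + b"\x00" * 31
    body = header + bytes([17]) + params + b"\x00\x00"   # ByteCount = 0
    return b"\x00" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for mode in (0x03, 0x07, 0x0F):
        print(hex(mode), negotiate_signing(build_sample(mode)))
```
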