2003 server in a NT4 Domain.

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi All.

I have a NT4 Domain at present.

I brought a 2003 Server online and joined the NT4 Domain.
When the 2003 Server logs on it is logging onto the NT4 domain.
This is working but I have a problem.

The 2003 box indended use was as a new print server. When users
try to browse to the the shared printers on the 2003 machine they
are prompted for a user name and password. The only method
that I have found that enables them to see and install the new
printers was to enable the guest account on the 2003 server.

Would I be correct in assuming that 2003 cannot act as a member server
in a NT4 domain, similar to the old BDC method but can only join a
domain.

Thanks for any insight on this.

Josh.
17 answers Last reply
More about 2003 server domain
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Josh Davis" <none@nospam.net> wrote in message
    news:v56l11lc3kmshb9uho7tgid2p1fhjgc7o1@4ax.com...
    > Hi All.
    >
    > I have a NT4 Domain at present.
    >
    > I brought a 2003 Server online and joined the NT4 Domain.
    > When the 2003 Server logs on it is logging onto the NT4 domain.

    Perfectly fine so far.

    > This is working but I have a problem.
    > The 2003 box indended use was as a new print server. When users
    > try to browse to the the shared printers on the 2003 machine they
    > are prompted for a user name and password. The only method
    > that I have found that enables them to see and install the new
    > printers was to enable the guest account on the 2003 server.

    Sounds like the Win2003 server is NOT really in the
    NT4 domain. (Or at least not authenticating.)

    Win2003 DCs use/require SMB-signing by default but
    I do not think that ordinary servers require this -- so you
    might double check that (or upgrade all of your legacy
    machines with all Service Packs AND the DSClient
    upgrade in preparation for one day having a Win2003
    domain.


    > Would I be correct in assuming that 2003 cannot act as a member server
    > in a NT4 domain, similar to the old BDC method but can only join a
    > domain.

    No it can.

    Next most likely problem is name resolution.

    You didn't disable NetBIOS did you? You don't
    have multiple subnets do you? (If so you need
    WINS server.)


    --
    Herb Martin


    >
    > Thanks for any insight on this.
    >
    > Josh.
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Herb I am using windows 2003 server standard, from what you indicate
    it should be possible for clients to auth against the 2003 server
    when it is joined to our NT4 domain.

    I agree that it is more than likely not authenticating. Is smb-signing
    a service that runs on the 2003 box, can you point me in the right
    direction for things to check.

    When I go to share a folder for example on the 2003 box I can access
    the user list from the NT4 DC without problem.

    Any additional help would be most welcome.

    Thanks for your time.

    Josh.


    On Mon, 21 Feb 2005 21:55:55 -0600, "Herb Martin"
    <news@LearnQuick.com> wrote:

    >"Josh Davis" <none@nospam.net> wrote in message
    >news:v56l11lc3kmshb9uho7tgid2p1fhjgc7o1@4ax.com...
    >> Hi All.
    >>
    >> I have a NT4 Domain at present.
    >>
    >> I brought a 2003 Server online and joined the NT4 Domain.
    >> When the 2003 Server logs on it is logging onto the NT4 domain.
    >
    >Perfectly fine so far.
    >
    >> This is working but I have a problem.
    >> The 2003 box indended use was as a new print server. When users
    >> try to browse to the the shared printers on the 2003 machine they
    >> are prompted for a user name and password. The only method
    >> that I have found that enables them to see and install the new
    >> printers was to enable the guest account on the 2003 server.
    >
    >Sounds like the Win2003 server is NOT really in the
    >NT4 domain. (Or at least not authenticating.)
    >
    >Win2003 DCs use/require SMB-signing by default but
    >I do not think that ordinary servers require this -- so you
    >might double check that (or upgrade all of your legacy
    >machines with all Service Packs AND the DSClient
    >upgrade in preparation for one day having a Win2003
    >domain.
    >
    >
    >> Would I be correct in assuming that 2003 cannot act as a member server
    >> in a NT4 domain, similar to the old BDC method but can only join a
    >> domain.
    >
    >No it can.
    >
    >Next most likely problem is name resolution.
    >
    >You didn't disable NetBIOS did you? You don't
    >have multiple subnets do you? (If so you need
    >WINS server.)
    >
    >
    >--
    >Herb Martin
    >
    >
    >>
    >> Thanks for any insight on this.
    >>
    >> Josh.
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Josh,

    As to SMB signing, take a look at
    http://support.microsoft.com/default.aspx?scid=kb;en-us;887429

    You don't seem to be clear as to whether the 2003 server is a member server
    or a DC in your NT4 domain. You mention authenticating against it and you
    seem to describe symptoms that sound as though it is running a separate
    domain.

    With it running as a member with no AD, it should be very simple to share a
    print resource with NT permissions against it. SMB shouldn't interfere with
    printing, but it sounds like the security token isn't being generated
    correctly.

    So how did you join this server to the domain? Is it a member or a DC?
    What is your DNS like?

    --
    Ryan Hanisco
    MCSE, MCDBA
    FlagShip Integration Services

    "Josh Davis" <none@nospam.net> wrote in message
    news:52hl11lfhl6bfnug601h4mm5mldm86uo69@4ax.com...
    > Herb I am using windows 2003 server standard, from what you indicate
    > it should be possible for clients to auth against the 2003 server
    > when it is joined to our NT4 domain.
    >
    > I agree that it is more than likely not authenticating. Is smb-signing
    > a service that runs on the 2003 box, can you point me in the right
    > direction for things to check.
    >
    > When I go to share a folder for example on the 2003 box I can access
    > the user list from the NT4 DC without problem.
    >
    > Any additional help would be most welcome.
    >
    > Thanks for your time.
    >
    > Josh.
    >
    >
    >
    >
    >
    >
    >
    > On Mon, 21 Feb 2005 21:55:55 -0600, "Herb Martin"
    > <news@LearnQuick.com> wrote:
    >
    >>"Josh Davis" <none@nospam.net> wrote in message
    >>news:v56l11lc3kmshb9uho7tgid2p1fhjgc7o1@4ax.com...
    >>> Hi All.
    >>>
    >>> I have a NT4 Domain at present.
    >>>
    >>> I brought a 2003 Server online and joined the NT4 Domain.
    >>> When the 2003 Server logs on it is logging onto the NT4 domain.
    >>
    >>Perfectly fine so far.
    >>
    >>> This is working but I have a problem.
    >>> The 2003 box indended use was as a new print server. When users
    >>> try to browse to the the shared printers on the 2003 machine they
    >>> are prompted for a user name and password. The only method
    >>> that I have found that enables them to see and install the new
    >>> printers was to enable the guest account on the 2003 server.
    >>
    >>Sounds like the Win2003 server is NOT really in the
    >>NT4 domain. (Or at least not authenticating.)
    >>
    >>Win2003 DCs use/require SMB-signing by default but
    >>I do not think that ordinary servers require this -- so you
    >>might double check that (or upgrade all of your legacy
    >>machines with all Service Packs AND the DSClient
    >>upgrade in preparation for one day having a Win2003
    >>domain.
    >>
    >>
    >>> Would I be correct in assuming that 2003 cannot act as a member server
    >>> in a NT4 domain, similar to the old BDC method but can only join a
    >>> domain.
    >>
    >>No it can.
    >>
    >>Next most likely problem is name resolution.
    >>
    >>You didn't disable NetBIOS did you? You don't
    >>have multiple subnets do you? (If so you need
    >>WINS server.)
    >>
    >>
    >>--
    >>Herb Martin
    >>
    >>
    >>>
    >>> Thanks for any insight on this.
    >>>
    >>> Josh.
    >
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message
    news:#qCDacKGFHA.1188@tk2msftngp13.phx.gbl...
    > Josh,
    >
    > As to SMB signing, take a look at
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;887429
    >
    > You don't seem to be clear as to whether the 2003 server is a member
    server
    > or a DC in your NT4 domain. You mention authenticating against it and you
    > seem to describe symptoms that sound as though it is running a separate
    > domain.

    No, he was clear about that -- it is a server in his
    NT 4 domain.

    I suggested a common problem is the failure of the
    machine (or the other clients) to authenticate with
    the domain.

    Either way, his clients might not get access to it,
    but if this is the only 'server' that is giving him
    trouble it is likely this machine which is at fault
    if authentication is the cause.

    > With it running as a member with no AD, it should be very simple to share
    a
    > print resource with NT permissions against it.

    If it has authenticated itself and thus able to accept
    authentication from others in the domain.

    > SMB shouldn't interfere with
    > printing, but it sounds like the security token isn't being generated
    > correctly.

    Sure it will -- two ways. SMB is the protocol used
    for carring both the authentication packets AND the
    sharing of Drives and Printers.

    > So how did you join this server to the domain? Is it a member or a DC?
    > What is your DNS like?

    It's a member according to his initial message.

    DNS is a likely cause of his authentication problems,
    or perhaps WINS server if he has more than one subnet.
  5. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Josh Davis" <none@nospam.net> wrote in message
    news:52hl11lfhl6bfnug601h4mm5mldm86uo69@4ax.com...
    > Herb I am using windows 2003 server standard, from what you indicate
    > it should be possible for clients to auth against the 2003 server
    > when it is joined to our NT4 domain.

    Not being a domain controller I don't think it
    requires the signing, but if so Ryan (in his post
    this thread) suggested an article) about it.


    > I agree that it is more than likely not authenticating. Is smb-signing
    > a service that runs on the 2003 box, can you point me in the right
    > direction for things to check.

    SMB signing isn't really a service, just a setting
    and capability on the SMB protocol used for
    authentication packetes and File/Print sharing.

    I think only Win2003 DCs require this but shoot,
    maybe regular servers do too.

    You can set it on the LGPO (or in the registry).
    If you don't find the settings mentioned in the article
    Ryan suggested try this Google search and let me know
    if you don't find it, Google:

    [ site:Microsoft.com SMB signing 2003 ]

    > When I go to share a folder for example on the 2003 box I can access
    > the user list from the NT4 DC without problem.

    That sounds like it IS authenticating.

    What about if you try to access the resource from
    the NT DC (we are pretty sure that the server is
    authenticating with the DC).


    > Any additional help would be most welcome.
    >

    Which clients give you trouble? What error specifically?

    It could be the CLIENT is not authenticating even.

    NT with SP6+ should be able to use SMB-signing
    so this still might be the difference if you machines
    have different SP levels.

    What happens when you try these commands
    (from the trouble client AND from the PDC if they
    don't work):

    net use * \\serverName\ShareName

    net use * \\serverName\ShareName * /user:Domain\username

    IF the first fails and the second works then you
    likely have a CLIENT authentication problem
    (where the client machine isn't really authenticating
    again the DC but the explicit credentials work.)

    If these both fail, try these:

    net use * \\serv.IP.Add.ress\ShareName

    net use * \\serv.IP.Add.ress\ShareName * /user:Domain\username

    Put in the server address for each of the same commands
    from before....

    Report exact error messages.

    If none of that works. Ping the server and the PDC
    and report results.


    --
    Herb Martin


    > Thanks for your time.
    >
    > Josh.
    >
    >
    >
    >
    >
    >
    >
    > On Mon, 21 Feb 2005 21:55:55 -0600, "Herb Martin"
    > <news@LearnQuick.com> wrote:
    >
    > >"Josh Davis" <none@nospam.net> wrote in message
    > >news:v56l11lc3kmshb9uho7tgid2p1fhjgc7o1@4ax.com...
    > >> Hi All.
    > >>
    > >> I have a NT4 Domain at present.
    > >>
    > >> I brought a 2003 Server online and joined the NT4 Domain.
    > >> When the 2003 Server logs on it is logging onto the NT4 domain.
    > >
    > >Perfectly fine so far.
    > >
    > >> This is working but I have a problem.
    > >> The 2003 box indended use was as a new print server. When users
    > >> try to browse to the the shared printers on the 2003 machine they
    > >> are prompted for a user name and password. The only method
    > >> that I have found that enables them to see and install the new
    > >> printers was to enable the guest account on the 2003 server.
    > >
    > >Sounds like the Win2003 server is NOT really in the
    > >NT4 domain. (Or at least not authenticating.)
    > >
    > >Win2003 DCs use/require SMB-signing by default but
    > >I do not think that ordinary servers require this -- so you
    > >might double check that (or upgrade all of your legacy
    > >machines with all Service Packs AND the DSClient
    > >upgrade in preparation for one day having a Win2003
    > >domain.
    > >
    > >
    > >> Would I be correct in assuming that 2003 cannot act as a member server
    > >> in a NT4 domain, similar to the old BDC method but can only join a
    > >> domain.
    > >
    > >No it can.
    > >
    > >Next most likely problem is name resolution.
    > >
    > >You didn't disable NetBIOS did you? You don't
    > >have multiple subnets do you? (If so you need
    > >WINS server.)
    > >
    > >
    > >--
    > >Herb Martin
    > >
    > >
    > >>
    > >> Thanks for any insight on this.
    > >>
    > >> Josh.
    >
  6. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi again Herb. I played with this problem for a bit
    again today.

    To re-cap here is what I did and have discovered.

    Have a NT4 DOMAIN with one DC and 3 BDC.

    Joined the windows 2003 server to the domain as
    follows. Under system network identification I
    switched the 2003 server from workgroup mode to
    Member of a domain. Passed the correct credentials
    to the NT4 DC , DC accepted and said welcome to the domain.
    RE-Booted 2003 Server and logged into the domain. The account
    on my 2003 server matches the Administrator account on the NT4 DC.

    Was able to browse shared objects in the NT4 Domain without problem.

    Proceeded to setup shared printers on the 2003 server. I am able
    to see these shared printers from the NT4 DC and pdc's without
    problem.

    Users in the NT4 domain running windows 2000 and xp cannot access
    the shared printers on the 2003 server.

    Note the xp 2k users do not log into the domain as such.
    They are configured for workgroup mode. Their local user accounts
    match accounts on the NT4 DC. This way they can use our file server
    wihich is the actual NT4 DC and shared printers on the NT4 BDC's

    I looked at the security settings that pertain to smb and see that
    they are set to default on the 2003 server.

    I checked the event viewer on the 2003 server under security. I can
    see where users failed to auth on the 2003 server. The event viewer
    error code reported that Account did not exist on the 2003 server.

    What appears to have happened is that the 2003 server is not
    contacting the NT4 Dc to verify users and accounts or these domain
    accounts are not getting propgrated to the 2003 server...

    Any other insight ... ? tHIS IS BECOMMING WIERDER BY THE MINUTE.

    Thanks for the help so far.

    Josh..


    On Tue, 22 Feb 2005 01:04:15 -0600, "Herb Martin"
    <news@LearnQuick.com> wrote:

    >"Josh Davis" <none@nospam.net> wrote in message
    >news:52hl11lfhl6bfnug601h4mm5mldm86uo69@4ax.com...
    >> Herb I am using windows 2003 server standard, from what you indicate
    >> it should be possible for clients to auth against the 2003 server
    >> when it is joined to our NT4 domain.
    >
    >Not being a domain controller I don't think it
    >requires the signing, but if so Ryan (in his post
    >this thread) suggested an article) about it.
    >
    >
    >> I agree that it is more than likely not authenticating. Is smb-signing
    >> a service that runs on the 2003 box, can you point me in the right
    >> direction for things to check.
    >
    >SMB signing isn't really a service, just a setting
    >and capability on the SMB protocol used for
    >authentication packetes and File/Print sharing.
    >
    >I think only Win2003 DCs require this but shoot,
    >maybe regular servers do too.
    >
    >You can set it on the LGPO (or in the registry).
    >If you don't find the settings mentioned in the article
    >Ryan suggested try this Google search and let me know
    >if you don't find it, Google:
    >
    > [ site:Microsoft.com SMB signing 2003 ]
    >
    >> When I go to share a folder for example on the 2003 box I can access
    >> the user list from the NT4 DC without problem.
    >
    >That sounds like it IS authenticating.
    >
    >What about if you try to access the resource from
    >the NT DC (we are pretty sure that the server is
    >authenticating with the DC).
    >
    >
    >> Any additional help would be most welcome.
    >>
    >
    >Which clients give you trouble? What error specifically?
    >
    >It could be the CLIENT is not authenticating even.
    >
    >NT with SP6+ should be able to use SMB-signing
    >so this still might be the difference if you machines
    >have different SP levels.
    >
    >What happens when you try these commands
    >(from the trouble client AND from the PDC if they
    >don't work):
    >
    >net use * \\serverName\ShareName
    >
    >net use * \\serverName\ShareName * /user:Domain\username
    >
    >IF the first fails and the second works then you
    >likely have a CLIENT authentication problem
    >(where the client machine isn't really authenticating
    >again the DC but the explicit credentials work.)
    >
    >If these both fail, try these:
    >
    >net use * \\serv.IP.Add.ress\ShareName
    >
    >net use * \\serv.IP.Add.ress\ShareName * /user:Domain\username
    >
    >Put in the server address for each of the same commands
    >from before....
    >
    >Report exact error messages.
    >
    >If none of that works. Ping the server and the PDC
    >and report results.
  7. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Josh Davis" <none@nospam.net> wrote in message
    news:eoun11lc3kmshb9uho7tgid2p1fhjgc7iq@4ax.com...
    > Hi again Herb. I played with this problem for a bit
    > again today.
    >
    > To re-cap here is what I did and have discovered.
    >
    > Have a NT4 DOMAIN with one DC and 3 BDC.

    That's PDC (and 3 BDCs)

    > Joined the windows 2003 server to the domain as
    > follows. Under system network identification I
    > switched the 2003 server from workgroup mode to
    > Member of a domain. Passed the correct credentials
    > to the NT4 DC , DC accepted and said welcome to the domain.
    > RE-Booted 2003 Server and logged into the domain. The account
    > on my 2003 server matches the Administrator account on the NT4 DC.

    I assume you mean you logged on at the Win2003
    Server USING your NT4 domain account...

    (Different accounts "matching" would an entirely
    different thing and likely not work as expected.)

    > Was able to browse shared objects in the NT4 Domain without problem.

    Implies you used your Domain account (admin.)

    > Proceeded to setup shared printers on the 2003 server. I am able
    > to see these shared printers from the NT4 DC and pdc's without
    > problem.

    See meaning "browse" for them?

    > Users in the NT4 domain running windows 2000 and xp cannot access
    > the shared printers on the 2003 server.

    Cannot access them (explicitly) or cannot "see" them
    to try?

    So why didn't you run the commands I gave you
    to try? (And report explicitly errors/results).

    > Note the xp 2k users do not log into the domain as such.

    Well there is your main problem.

    > They are configured for workgroup mode. Their local user accounts
    > match accounts on the NT4 DC.

    Irrelevant.

    > This way they can use our file server
    > wihich is the actual NT4 DC and shared printers on the NT4 BDC's

    That doesn't work as I remember -- (There is a feature
    like this for WORKGROUPS (only) no Domain involved.

    But it's the wrong way to do it even if it does work.

    Also note, you won't be able to browse resource unless
    the workgroup name is the same as the Domain name.
    (usually).

    Make the XP computers domain member and switch
    the users to their domain account (take away the local
    account so they cannot use it.)

    You might want to save their profiles for transfer to
    their new account.

    > I looked at the security settings that pertain to smb and see that
    > they are set to default on the 2003 server.

    It's probably irrelevant. You need the computers
    and users in the domain.

    > I checked the event viewer on the 2003 server under security. I can
    > see where users failed to auth on the 2003 server. The event viewer
    > error code reported that Account did not exist on the 2003 server.
    >
    > What appears to have happened is that the 2003 server is not
    > contacting the NT4 Dc to verify users and accounts or these domain
    > accounts are not getting propgrated to the 2003 server...
    >
    > Any other insight ... ? tHIS IS BECOMMING WIERDER BY THE MINUTE.


    --
    Herb Martin
    What happens when you try these commands
    (from the trouble client AND from the PDC if they
    don't work):

    net use * \\serverName\ShareName

    net use * \\serverName\ShareName * /user:Domain\username

    IF the first fails and the second works then you
    likely have a CLIENT authentication problem
    (where the client machine isn't really authenticating
    again the DC but the explicit credentials work.)

    If these both fail, try these:

    net use * \\serv.IP.Add.ress\ShareName

    net use * \\serv.IP.Add.ress\ShareName * /user:Domain\username

    Put in the server address for each of the same commands
    from before....

    Report exact error messages.

    If none of that works. Ping the server and the PDC
    and report results.
  8. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    BTW the NT4 DC and pdc have got the latest
    service packs installed.

    Thanks again Josh.
  9. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Herb here are the results of the commands you gave me.

    I tried these from a xp machine.

    >net use * \\serverName\ShareName
    Reports password or user name is invalid.
    Did not give option to enter a user name only a password.

    >net use * \\serv.IP.Add.ress\ShareName * /user:Domain\username
    Worked.

    I passed the user name and password of another account , not admin
    account that resides on the NT4 PDC and what looked like a mapped
    network drive was created on the client.

    Was able to browse the list etc.

    It looks like Auth against the PDC is working as the user account used
    did not exist on the 2003 server but only on the NT4 PDC.

    One more thing. I fired up a old win98 pc that was logged into the nt4
    domain and was able to see the shared resources on the 2003 server.

    Looks like the problem is only with the win2k, xp based pc's

    Any other insight.


    Thanks.... Josh.


    On Tue, 22 Feb 2005 23:05:04 -0600, "Herb Martin"
    <news@LearnQuick.com> wrote:

    >Herb Martin
    >What happens when you try these commands
    >(from the trouble client AND from the PDC if they
    >don't work):
    >
    >net use * \\serverName\ShareName
    >
    >net use * \\serverName\ShareName * /user:Domain\username
    >
    >IF the first fails and the second works then you
    >likely have a CLIENT authentication problem
    >(where the client machine isn't really authenticating
    >again the DC but the explicit credentials work.)
    >
    >If these both fail, try these:
    >
    >net use * \\serv.IP.Add.ress\ShareName
    >
    >net use * \\serv.IP.Add.ress\ShareName * /user:Domain\username
    >
    >Put in the server address for each of the same commands
    >from before....
    >
    >Report exact error messages.
    >
    >If none of that works. Ping the server and the PDC
    >and report results.
  10. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    > I tried these from a xp machine.
    >
    > >net use * \\serverName\ShareName
    > Reports password or user name is invalid.
    > Did not give option to enter a user name only a password.

    Don't give either -- if you give one you must give
    both.

    > >net use * \\serv.IP.Add.ress\ShareName * /user:Domain\username
    > Worked.

    Ok, user CAN authenticate and use resources, but
    in the previous one you didn't prove the user could
    or could not do that by default (with CURRENT
    logon credentials.)

    > I passed the user name and password of another account , not admin
    > account that resides on the NT4 PDC and what looked like a mapped
    > network drive was created on the client.

    Could you access it? Dir, Copy con m:\t.txt, etc. ?

    > Was able to browse the list etc.

    Browsing is a SEPARATE issue (NetBIOS, maybe
    even WINS servers and clients) from authentication.

    > It looks like Auth against the PDC is working as the user account used
    > did not exist on the 2003 server but only on the NT4 PDC.

    Doesn't matter anyway if you give the username the
    way I shows you DomainName\Username

    This refers ONLY to a domain account.

    > One more thing. I fired up a old win98 pc that was logged into the nt4
    > domain and was able to see the shared resources on the 2003 server.
    >
    > Looks like the problem is only with the win2k, xp based pc's

    If it is "seeing shares" then tell me if these are true:

    All machines are domain members OR use same workgroup name

    All machines are on SAME subnet OR you have a WINS server

    (If you have WINS server):
    All machines, including SERVERS are WINS clients

    > Any other insight.

    Separate "See" as in browse from Authenticate.

    They are unrelated.

    > Thanks.... Josh.
    >
    >
    > On Tue, 22 Feb 2005 23:05:04 -0600, "Herb Martin"
    > <news@LearnQuick.com> wrote:
    >
    > >Herb Martin
    > >What happens when you try these commands
    > >(from the trouble client AND from the PDC if they
    > >don't work):
    > >
    > >net use * \\serverName\ShareName
    > >
    > >net use * \\serverName\ShareName * /user:Domain\username
    > >
    > >IF the first fails and the second works then you
    > >likely have a CLIENT authentication problem
    > >(where the client machine isn't really authenticating
    > >again the DC but the explicit credentials work.)
    > >
    > >If these both fail, try these:
    > >
    > >net use * \\serv.IP.Add.ress\ShareName
    > >
    > >net use * \\serv.IP.Add.ress\ShareName * /user:Domain\username
    > >
    > >Put in the server address for each of the same commands
    > >from before....
    > >
    > >Report exact error messages.
    > >
    > >If none of that works. Ping the server and the PDC
    > >and report results.
    >
  11. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Herb

    >Could you access it? Dir, Copy con m:\t.txt, etc. ?

    Was able to access the shared resource on the 2003 server.
    could access a txt file I had in there. Could write.

    Had default permissions set via "Everyone" ... write, read.

    When I say browse.. I mean access the shared resource via the gui.

    So what u make of it. All pc's on same subnet.. each has wins.

    wierd...

    Thanks ... Josh...
  12. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Josh Davis" <none@nospam.net> wrote in message
    news:53hq111m97ulgr16qtleiarhj5174qmic5@4ax.com...
    > Herb
    >
    > >Could you access it? Dir, Copy con m:\t.txt, etc. ?
    >
    > Was able to access the shared resource on the 2003 server.
    > could access a txt file I had in there. Could write.
    >
    > Had default permissions set via "Everyone" ... write, read.


    > When I say browse.. I mean access the shared resource via the gui.

    That's not a good test of access -- especially
    authentication problems.

    I gave you the Net Use commands and you decided
    to do them differently and then last message I told
    you that the way I gave them was necessary but you
    don't report re-trying that.

    Log on as Username in Domainname then try:

    net use * \\Servername\Sharename

    When you said that this works:
    net use * \\Servername\Sharename * /user:Domainname\Username

    It the latter works and the first fails you pretty
    much know you have an authentication issue.

    > So what u make of it. All pc's on same subnet.. each has wins.
  13. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    More details


    On Wed, 23 Feb 2005 20:08:04 -0600, "Herb Martin"
    <news@LearnQuick.com> wrote:

    >If it is "seeing shares" then tell me if these are true:
    OK

    >All machines are domain members OR use same workgroup name

    2k XP clients are configured in workgroups. Clients user id and
    password match accounts on the PDC. This way they can access
    our file server and print servers which are part of the nt4 domain.

    The wins & dhcp server are part of a workgroup "win 2000 Server"
    not logged into the domain or a domain member.

    There are many workgroups, but only one domain.

    Clients + servers register with wins without problem.
    Wins server info is passed to the clients via DHCP.


    > All machines are on SAME subnet OR you have a WINS server

    Yes all on same subnet. Have a windows 2000 server based wins
    server.

    >
    > (If you have WINS server):
    > All machines, including SERVERS are WINS clients

    Yes they register ok with wins.

    One other thing If clients have permissions set on our file server,
    which is the NT4 PDC. They can access these shared resources ok.
    the clients are win9x, 2k, xp... No problems in accessing
    the shares or printers.

    Thanks .... Josh
  14. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    --
    Herb Martin


    "Josh Davis" <none@nospam.net> wrote in message
    news:pjhq11tn7bpbh3ihf48de8vb82see3g8u2@4ax.com...
    > More details
    >
    >
    >
    > On Wed, 23 Feb 2005 20:08:04 -0600, "Herb Martin"
    > <news@LearnQuick.com> wrote:
    >
    > >If it is "seeing shares" then tell me if these are true:
    > OK
    >
    > >All machines are domain members OR use same workgroup name
    >
    > 2k XP clients are configured in workgroups. Clients user id and
    > password match accounts on the PDC. This way they can access
    > our file server and print servers which are part of the nt4 domain.

    Join them to the domain.

    > The wins & dhcp server are part of a workgroup "win 2000 Server"
    > not logged into the domain or a domain member.
    >
    > There are many workgroups, but only one domain.
    >
    > Clients + servers register with wins without problem.
    > Wins server info is passed to the clients via DHCP.
    >
    >
    > > All machines are on SAME subnet OR you have a WINS server
    >
    > Yes all on same subnet. Have a windows 2000 server based wins
    > server.

    Then WINS server is mostly irrelevant but since
    you HAVE it make EVERY machine a WINS client
    (in NIC properties) including servers.

    > >
    > > (If you have WINS server):
    > > All machines, including SERVERS are WINS clients
    >
    > Yes they register ok with wins.
    >
    > One other thing If clients have permissions set on our file server,
    > which is the NT4 PDC. They can access these shared resources ok.
    > the clients are win9x, 2k, xp... No problems in accessing
    > the shares or printers.
    >
    > Thanks .... Josh
    >
    >
    >
    >
  15. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    On Wed, 23 Feb 2005 21:52:00 -0600, "Herb Martin"
    <news@LearnQuick.com> wrote:Herb, if I join all machines to the
    domain. The users will no longer be in workgroups.They are used to
    working in workgroups.

    If I am not mistaken when all users are in the domain there computer
    names will apear under the domain name via network browsing. With
    200 client computers this is not a good solution. The object list
    would be too long.

    If it was possible to join the clients to the domain and preserve
    their actual workgroups I would have done this. Joining all servers
    to the domain is no problem. I can add in the dhcp / wins server.

    I shall explore some other avenues to try resolve the problem and
    let you know what I find.

    Thanks for the help and insight.

    Josh..
  16. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Josh Davis" <none@nospam.net> wrote in message
    news:g7nq11h47ktaf20vo13ldc8apdf3vlt100@4ax.com...
    > On Wed, 23 Feb 2005 21:52:00 -0600, "Herb Martin"
    > <news@LearnQuick.com> wrote:Herb, if I join all machines to the
    > domain. The users will no longer be in workgroups.They are used to
    > working in workgroups.

    It's a poor practice -- it is the source of your
    problems.

    You can treat the users as a workgroup if you
    wish but then there is little point in having a domain.

    > If I am not mistaken when all users are in the domain there computer
    > names will apear under the domain name via network browsing. With
    > 200 client computers this is not a good solution. The object list
    > would be too long.

    They will appear IF the machines offer shares.

    They but they will also appear if the DOMAIN name
    and the WORKGROUP are the same.

    There are also registry settings to turn this off.

    You could also run it as two domans (you have another
    server already) and use explicit (external) trusts.

    > If it was possible to join the clients to the domain and preserve
    > their actual workgroups I would have done this. Joining all servers
    > to the domain is no problem. I can add in the dhcp / wins server.

    The domain issue is the source of your problems.

    > I shall explore some other avenues to try resolve the problem and
    > let you know what I find.

    Ok.
  17. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Herb I have resolved the problem and all is working
    ok.

    See inline comments.

    if I join all machines to the
    domain. The users will no longer be in workgroups.They are used to
    working in workgroups.
    >
    >It's a poor practice -- it is the source of your
    >problems.
    >
    >You can treat the users as a workgroup if you
    >wish but then there is little point in having a domain.

    Not really true. This depends on the network setup.
    For example if you want preserve what end users
    are used to then the workgroup model works well.

    In my setup they have both. Local access and domain
    access all via one account on the client pc. There
    is no need to log onto the domain per say.

    All that is needed is permission to access a domain
    resource. Since our permissions only allow access
    to printing and a file server our solution works
    very well.

    Now to the browsing issue. The network components have changed
    since NT4. In 2k /3k server there is a quirk, MS call it a bug
    of sorts on the phone today.

    In a Nutshell this is it. To access a a shared resource on
    a 2k 3k machine that is Joined to a NT4 domain one needs to
    tell the 2k / 3k box that the permission to access the shared resource
    is contained on the PDC. The problem is that the 2k 3k server looks
    first to local accounts on the respective server but not the domain
    controller.

    To get around this all a user has to do is as follows. Click on the
    shared object under my network places or enter the path \\ to whatever
    server.

    Once the dialog box pops up they enter their user name like so.

    Username domain name\username
    password Password.


    So if user steveb with a password of 1234 had access permissions on
    a NT4 PDC in the domain dc77 and wished to access the shared resource
    on a 2003 server that was joined to the NT4 domain they would enter
    info in the dialog box as follows.

    Username dc77\steveb
    Password 1234

    Thats how to make it work.

    Josh.
Ask a new question

Read More

Domain Servers Active Directory Windows