windows share authentication

[c00kie]

I have a windows 2003 server with a share that has limited access. the group allowed to access the share have both share permissions and security permissions.

If i try accessing the share from a machine not on the domain, i get an access denied error, but i would like it to prompt me for a username/password before denying/granting me access. is that possible/?

thanks

 

[sja360]

when i want to access a share on the server 2003 i have running it just pops up with a username and password window? thats without me logging into the domain and instead logging on locally.
it could be a security setting? as for what i aint too sure

 

[c00kie]

when i want to access a share on the server 2003 i have running it just pops up with a username and password window? thats without me logging into the domain and instead logging on locally.
it could be a security setting? as for what i aint too sure

yeh thats what i would like it to do it just refuses without giving me the chance to log in

 

[bledd]

'try' turning on guest account

control userpasswords2

also, try adding a user to the 2003 box (not using AD), so its just a local user

 

[c00kie]

thank you for the suggestions
the guest acct is on - even tried disabling it no difference though.

There are loads of local user accounts on the machine already
Thanks

 

[c00kie]

does anyone have any other ideas? still unsolved

 

[M0KUJ1N]

Just another thought, is the non-domain member machine using the same DNS server, WINS server and is it on the same LAN as the server? Ive just tried setting up a completely vanilla Windows 2003 Server install in VMWare and it behaves as expected.

 

[c00kie]

i have a domain server running on linux, to which all clients on site are joined.
all comps use the same wins/dns assigned by DHCP.

I have VPN access which effectively puts me on their network, using their dns/wins server (pix running as dhcp server to vpn clients tho).

As a VPN client i am not on the domain.

Going on a share on the linux server pops up a password box as expected, just the win2003 doesnt

thanks

 

[M0KUJ1N]

Ahh, the plot thickens...so the Samba box is your PDC and is the box that deals with authentication?

I have seen this sort of behaviour from Samba in the past. Is "security=user" and "encrypt passwords=yes" set in its smb.conf?

 

[c00kie]

Is "security=user" and "encrypt passwords=yes" set in its smb.conf?

yep, those are both set.

 

[c00kie]

Ahh, the plot thickens...so the Samba box is your PDC and is the box that deals with authentication?

I have seen this sort of behaviour from Samba in the past. Is "security=user" and "encrypt passwords=yes" set in its smb.conf?

do have any idea? still isnt playing ball

 

[M0KUJ1N]

Nothing groundbreaking Im afraid... First of all, is your Windows 2003 Server a domain member i.e. is it a member of the same domain as your linux PDC? Can you log into it using a domain account?

If thats the case, I think there might be an authentication-level issue between the two. I suspect the minimum encryption-level of your Windows box is NTLMv2 (that's the default for server 2003). However as Samba behaves like a NT4 domain rather than 2000/2003 AD domains it may be negotiating with NTLMv1, especially if its using samba 2.x. Try setting the LAN manager authentication level on your 2003 to Send LM and NTLM (level 1).

Finally does mapping a drive with net use work? Worth a try.

If all of these fail....Im stuck too!

 

[c00kie]

The server is a member of the domain, yes, and it is possible on it to log in using a domain account - works fine.

All the clients on the domain have no prob authenticating with the 2003 server, will changing the NTLM level affect this.

Mapping a network drive works IF the user/pass is specified when mapping, otherwise access is denied. I realise this is a workaround but trying to explain these things to people working from home is tricky at the best of times

thanks for the help!