Click here to get back home

Access share on one domain from another?
 HomeNewsGroups | Search | About
Login Password
Register Now! Lost Password?
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Access share on one domain from another? Paul 09-12-2005
Get Chitika Premium
Posted by Paul on September 12, 2005, 7:50 pm
Please log in for more thread options
 Hi,

Take two sbs2k3 servers in two separate domains in two separate physical
locations. There is a VPN (firewall to firewall) tunnel between the two
networks. A user on domain A with username "Joe" also has an account on
domain B with username "Joe". There is a share on domain B. When user "Joe"
on domain A browses to domain B he gets prompted for a login - so far, so
good. When he logs in as "Joe" on domain B he gets the following message
"The user name you typed is the same as the user name you logged in with.
That user name has already been tried. A domain controller cannot be found
to verify that user name". This happens for "B\Joe" and "SVR.B.local\Joe"
etc. Both domains are setup in LMHOSTS as domains on "Joe"'s client and
preloaded.

Anyone know where I'm going wrong here? I just want the shares to be visible
to allow download/upload to authorised users but I can't seem to crack it.
Any help appreciated. If this is not possible how can I setup an "everyone"
share that won't prompt for a login?

Thanks,

Paul




Posted by Steven L Umbach on September 12, 2005, 3:19 pm
Please log in for more thread options
 Trusts between domains are not a feature of SBS as explained in the
limitations of SBS in the link below.

http://support.microsoft.com/?kbid=295765

What you could try is have the user logon to his computer as a local [non
domain] user, create a user account for the user in the other domain with
that logon/password and then have him try to access the share or create a
local user account on the computer that offers the share and have the user
try to access the share with that username/password keeping in mind that he
may have to enter credentials as in computername\username so that the
computer knows the user is trying to access the share as a local user and
not a domain user. To allow unathenticated access to a share [kind of
scary] then enable the guest account on the computer offering the share and
include the everyone group in both the share and ntfs permissions for ONLY
the shares that you want to allow access without authentication. You may
find that you need to give the guest account a password and you might need
to tweak security [be sure to document changes from default] options for
anonymous access on the Windows 2003 Server offering the share. Local
Security Policy can be accesses via secpol.msc. --- Steve

> Hi,
>
> Take two sbs2k3 servers in two separate domains in two separate physical
> locations. There is a VPN (firewall to firewall) tunnel between the two
> networks. A user on domain A with username "Joe" also has an account on
> domain B with username "Joe". There is a share on domain B. When user
> "Joe" on domain A browses to domain B he gets prompted for a login - so
> far, so good. When he logs in as "Joe" on domain B he gets the following
> message "The user name you typed is the same as the user name you logged
> in with. That user name has already been tried. A domain controller cannot
> be found to verify that user name". This happens for "B\Joe" and
> "SVR.B.local\Joe" etc. Both domains are setup in LMHOSTS as domains on
> "Joe"'s client and preloaded.
>
> Anyone know where I'm going wrong here? I just want the shares to be
> visible to allow download/upload to authorised users but I can't seem to
> crack it. Any help appreciated. If this is not possible how can I setup an
> "everyone" share that won't prompt for a login?
>
> Thanks,
>
> Paul
>




Posted by Roger Abell [MVP] on September 12, 2005, 6:30 pm
Please log in for more thread options
Normally one can map using domain\user form of credentials when
the map-from and the map-to machines are in different forests when
network traffic is unrestricted between them and they have a common
authentication provider like NTLM v2 allowed.
So, I am wondering whether the VPN is allowing the needed ports
for the authentication protocol selected, or whether the invovled
machines are able to select a mutually workable authentication
provider.

> Hi,
>
> Take two sbs2k3 servers in two separate domains in two separate physical
> locations. There is a VPN (firewall to firewall) tunnel between the two
> networks. A user on domain A with username "Joe" also has an account on
> domain B with username "Joe". There is a share on domain B. When user
> "Joe" on domain A browses to domain B he gets prompted for a login - so
> far, so good. When he logs in as "Joe" on domain B he gets the following
> message "The user name you typed is the same as the user name you logged
> in with. That user name has already been tried. A domain controller cannot
> be found to verify that user name". This happens for "B\Joe" and
> "SVR.B.local\Joe" etc. Both domains are setup in LMHOSTS as domains on
> "Joe"'s client and preloaded.
>
> Anyone know where I'm going wrong here? I just want the shares to be
> visible to allow download/upload to authorised users but I can't seem to
> crack it. Any help appreciated. If this is not possible how can I setup an
> "everyone" share that won't prompt for a login?
>
> Thanks,
>
> Paul
>




Posted by Paul on September 14, 2005, 2:47 pm
Please log in for more thread options
Thanks Stephen/Roger,

That article left me better informed. I've decided I don't want the Guest
account enabled to achieve the result and have gone for an FTP option
instead.

Thanks again,

Paul

> Hi,
>
> Take two sbs2k3 servers in two separate domains in two separate physical
> locations. There is a VPN (firewall to firewall) tunnel between the two
> networks. A user on domain A with username "Joe" also has an account on
> domain B with username "Joe". There is a share on domain B. When user
> "Joe" on domain A browses to domain B he gets prompted for a login - so
> far, so good. When he logs in as "Joe" on domain B he gets the following
> message "The user name you typed is the same as the user name you logged
> in with. That user name has already been tried. A domain controller cannot
> be found to verify that user name". This happens for "B\Joe" and
> "SVR.B.local\Joe" etc. Both domains are setup in LMHOSTS as domains on
> "Joe"'s client and preloaded.
>
> Anyone know where I'm going wrong here? I just want the shares to be
> visible to allow download/upload to authorised users but I can't seem to
> crack it. Any help appreciated. If this is not possible how can I setup an
> "everyone" share that won't prompt for a login?
>
> Thanks,
>
> Paul
>




Similar ThreadsPosted
Windows domain user is sometimes denied access to server share October 2, 2006, 5:07 am
Monitor Access To A Particular Share September 1, 2005, 8:25 am
Unable to access DFS share via DMZ December 13, 2006, 3:48 am
Monitor Access To A Particular Share February 18, 2007, 6:07 pm
Grant access to a share via command-line? August 4, 2006, 8:49 am
Share permissions - cross-domain May 1, 2006, 11:47 am
There are currently no logon servers available to service the logon request - how to fix this error? i get it when trying to access a share one hop away. April 12, 2007, 6:03 pm
domain access control for local user of domain computer? April 3, 2008, 5:14 pm
Non-Domain computer access September 6, 2005, 3:47 pm
Access Domain that is using MIT Kerberos Integration August 24, 2005, 6:59 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap