Pivnardo
asked on
Authenticate workgroup user through a member server
There are many workstations that are currently setup as a workgroup and it is too time consuming to join all of them to the domain of the server. The DC server is Server 2003 STD and is working great as a fileserver for the office. All of the users in the office have a domain account that matches there local user name and password of the workstation. They can access the server shares no problem.
Now we have added an additional 2003 STD server which is setup as a member server. It is required to have a share from the member server accessable to all of the users. When trying to access the member server is authenticating locally and not quering the DC for the credentials.
I have tried to changed the "allow anyonimus SID translation" option on the member server. Also I have confirmed that all of the systems are pointing to the DC for DNS. I know this is not the best way to do this but time is very important and converting the office workstations over to the domain and cloning the user account is not possible right now.
Please some one help with this. I would prefer to not open the member server fully with something like guest acecess. Best if the member server passes along the credentials to the DC.
Now we have added an additional 2003 STD server which is setup as a member server. It is required to have a share from the member server accessable to all of the users. When trying to access the member server is authenticating locally and not quering the DC for the credentials.
I have tried to changed the "allow anyonimus SID translation" option on the member server. Also I have confirmed that all of the systems are pointing to the DC for DNS. I know this is not the best way to do this but time is very important and converting the office workstations over to the domain and cloning the user account is not possible right now.
Please some one help with this. I would prefer to not open the member server fully with something like guest acecess. Best if the member server passes along the credentials to the DC.
ASKER
Thank you for the fast responce. The net use option is not possible because the share should not be mapped. It is accessed from a client application directly. I recall being able to include the password in the command but that does not matter anyways. Really not good in regards to the promoting to a second DC. Adds much more complexity to the problem than desired. Much appericated for the responce.
If there is anyone that knows any other methods that would be great. I was even considering entering local users on the member to match the DC for the temp workaround. Admin nightmare though when passwords need to be changed. But very infrequent so is a possibility.
If there is anyone that knows any other methods that would be great. I was even considering entering local users on the member to match the DC for the temp workaround. Admin nightmare though when passwords need to be changed. But very infrequent so is a possibility.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the slow responce. You were spot on with the explination and the details to the problem I was having.
My resolution was to add the few accounts locally that required access. I then later joined the system properly to the domain and cloned the user accounts.
Nothing is every was with Microsoft !!
Thank you for your assistance.
My resolution was to add the few accounts locally that required access. I then later joined the system properly to the domain and cloned the user accounts.
Nothing is every was with Microsoft !!
Thank you for your assistance.
In your situation the easiest thing to do is upgrade the member server to a domain controller so that it also would have a copy of the usernames and password locally.
Another option is to setup a batch script with NET USE so that it maps all the shares using their domain credentials instead of the local credentials.
For example see attached code snippet...
The downside is it will prompt the user for the password.
Open in new window