Re: Access denied on Homeshare with FQDN, fine with Shortname



<jwgoerlich@xxxxxxxxx> wrote in message
news:1188486751.680627.57980@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
My thought is Windows Vista recognizes the FQDN as an Internet site
rather than a local computer.

Yes, assuming the DNS domain of the FQDN target server is
not the same as the DNS domain of the troubled Vista client.
One of my lines of exploration also, though; and an assumption
is needed that this Vista is DNS disjunct from its DNS domain of
server relative to their FQDNs.

If this were the case, then Vista would
not pass on the user credentials.

Yep

The share would be inaccessible
unless Everyone was granted permission.

Umm. Why did the server not prompt for credentials?
I took the posts to mean challenge for creds did happen
but that they result in an access denied message.


Use the host name rather than
the FQDN, then Vista sees it as a computer on the Lan, passes the
credentials and all is well.


You are assuming that Windows authN mechanism works when
manually providing the same identity credentials at the prompt
for them fails?

Granted, this does not completely cover the facts. If the above was
the case, one would assume that granting Everyone access would work
and yet granting Authenticated Users would fail.


Indeed. That difference is pivotal in this puzzle.


I am wanting to know what are the time differences pairwise between
the parties: the Vista, the server, and the domain controller(s) in use
by them. Again, if it is a Kerberos support issue (i.e. FQDNs are of
the same DNS domain), it is lacking in accounting for the reported
success ACL's with Authenticated Users. The first * could be time
drift between the different machines; the second * would be expected
as shortname forces use of non-Kerberos authN; the last * we have
agreed makes sense if report of Authenticated Users to resolve is
mistaken, else this * is most obscure.


On Aug 30, 8:18 am, Hmoll <Hm...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
* Strange that on one machine it works, another it doesn't (despite
being in the same OS, same OU, same user)
* Strange that if I use shortname rather than FQDN, it works, but the
more reliable (for VPN users) FQDN fails
* Strange that if I change from user specific ACL on the share to
Everyone or Authenticated users, it works.

Ugggh. Security auditing gleaned nothing. I turned on Account logon,
logon and object access auditing. There were no failures that I could see.

Thanks for your help on this, I'm pulling my hair out.

I installed this Vista Business while at home. I then connected to the
corporate network the next day. That is the only difference in the
setup. I wonder if there were any default security policies setup when
I selected "Home", when I was at home.


