Re: Unable to authenticate to untrusted domain NTLM v2 related issue



I would try Roger's suggestion to see if you can access the other domain
computers via a local user account. If that works, then it probably is a
problem with domain configuration somewhere. Another thing to try is to
specify the IP address of the target server instead of the name when trying
to access a share, if neither local nor domain accounts work. I know you said
that DNS and WINS are working properly, but it is something that I always do
as part of troubleshooting network access problems. Another possible issue
could be incompatible security policy settings for "digitally sign
communications", in which case the XP Pro computers require it but the
servers in question are configured not to use it. That is probably a remote
possibility, but if all else fails it is worth checking out, though XP SP1
computers did have a lot of problems with SMB signing, which were cleared up
in SP2. I believe in particular there were problems if the server or computer
required digitally signed communications.

Steve


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ew5N5Sh1GHA.3900@xxxxxxxxxxxxxxxxxxxxxxx
Does it work if the XP Pro client is configured to send LM and NTLM?
NTLMv2 only allows for a thirty minute time skew, I believe, if that could
be a problem.

Steve


<lwoody@xxxxxxxxxxxxx> wrote in message
news:1157991604.133550.120910@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all

I am having a problem getting XP SP1 clients using NTLM v2 (AD domain
A) to authenticate (NT4 SP6 domain B) user credentials. These
credentials are used to map a network drive to member servers in the
NT4 based domain.

User logs on to XP SP1 using domain A user id / password. PCs are
domain members of A. They then map a drive to domain B using a
username / password for domain B for some development work.

At the moment, when the user enters their username/password/domain, the
member server logs the logon attempt but appears to fail to pass on the
request to Domain B's DC.

Both domains are on the same LAN. They are not trusted domains (and
they never will). There are no DNS/WINS issues. The DCs can ping each
other. This arrangement previously worked when Domain A was NT4 based.
It stopped working since it was replaced with XP / Active Directory.

Research suggests that I have to add the (previously missing)
HKLM\system\currentcontrolset\control\lsa\lmcompatabilitylevel registry
key to both Domain B NT4 DCs with a value of 1.

This does not work.

XP SP1 clients set to "Send NTLMv2 response only"
NT4 Domain were set to "MS default" which is NTLM and now have the key
added which should negotiate NTLMv2?

As a note, from my XP SP1, I can authenticate to Domain B only to the
NT4 domain controllers before making the registry change (still works
afterwards) - but not to any of the member servers which are a mixture
of NT4, 2000, 2003 using the same user id.

Any ideas where I need to look?
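
Added example (not part of the thread): a small Python model of the three checks raised above, namely the LmCompatibilityLevel pairing, the NTLMv2 clock-skew limit and the SMB signing requirements. The `Host` and `diagnose` names are hypothetical and the sample hosts are constructed; the level table follows Microsoft's documented 0-5 scale, and the 30-minute limit is the figure quoted in the thread.

```python
# Added example: all names are hypothetical, sample hosts are constructed.
from dataclasses import dataclass

# Responses a client sends at each LmCompatibilityLevel (documented 0-5 scale).
CLIENT_SENDS = {0: {"LM", "NTLM"}, 1: {"LM", "NTLM"}, 2: {"NTLM"},
                3: {"NTLMv2"}, 4: {"NTLMv2"}, 5: {"NTLMv2"}}
# Responses the authenticating server/DC refuses at each level (0-3 refuse none).
SERVER_REFUSES = {4: {"LM"}, 5: {"LM", "NTLM"}}
MAX_SKEW_MIN = 30  # assumption: the figure quoted in the thread

@dataclass
class Host:
    name: str
    lm_level: int
    supports_ntlmv2: bool = True    # False for e.g. NT4 before SP4
    signing_enabled: bool = True    # "digitally sign communications (if agreed)"
    signing_required: bool = False  # "digitally sign communications (always)"

def diagnose(client: Host, server: Host, skew_min: float = 0) -> list:
    """Return the reasons an NTLM logon from client to server would fail."""
    problems = []
    accepted = {"LM", "NTLM"} | ({"NTLMv2"} if server.supports_ntlmv2 else set())
    accepted -= SERVER_REFUSES.get(server.lm_level, set())
    offered = CLIENT_SENDS[client.lm_level]
    if not offered & accepted:
        problems.append(f"auth level mismatch: client sends {sorted(offered)}, "
                        f"server accepts {sorted(accepted)}")
    # The skew limit only matters when the client answers with NTLMv2.
    if "NTLMv2" in offered and abs(skew_min) > MAX_SKEW_MIN:
        problems.append(f"clock skew {skew_min} min exceeds {MAX_SKEW_MIN} min")
    if client.signing_required and not server.signing_enabled:
        problems.append("client requires SMB signing, server has it disabled")
    if server.signing_required and not client.signing_enabled:
        problems.append("server requires SMB signing, client has it disabled")
    return problems

if __name__ == "__main__":
    xp = Host("xp-sp1", lm_level=3)               # "Send NTLMv2 response only"
    nt4_dc = Host("nt4-sp6-dc", lm_level=1)       # value added in the thread
    member = Host("member", lm_level=1, signing_enabled=False)
    strict_xp = Host("xp-sp1", lm_level=3, signing_required=True)
    print(diagnose(xp, nt4_dc))                   # levels alone are compatible
    print(diagnose(xp, nt4_dc, skew_min=45))      # clock drift breaks NTLMv2
    print(diagnose(strict_xp, member))            # signing mismatch
```

An empty list means none of the three modelled conditions explains the failure, so the next step is the member server's secure channel to its own DC, which this model does not cover.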




