I'm migrating from a (set of) NT domain, say SANVITO, to an AD domain, say LNFFVG. Both domain live in the same network, so there's no firewall/routing/... in the middle. In SANVITO domain, there's a share (say \\MEDIA\Software) with public access enabled. In SANVITO domain, public access works as expected. The same share are accessible with login (and password; so, non anonymously/guest mode) and again works as expected. In LNFFVG domain, users have the same login and password of SANVITO domain, so if i try from a domain user in LNFFVG to access \\MEDIA\Software share, i can access without trouble. Neverthless, if i try, from LNFFVG domain, to access the share in guest mode, i catch an 'access denied'. Why?! Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> Why?! Thanks.A-HA! After fiddling a bit with logs, i've found that: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client KAIN machine account KAIN$ Simply, KAIN was joined to SANVITO domain, and i've not removed that account, so the cleint tried to auth with machine account, but fail because the machine account was from a different domain. After doing: smbldap-userdel kain$ KAIN now switched correctly in guest mode, and share works as expected. Sorry to the list. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Maybe Matching Threads
- [OT?] Group Policy, drive maps and Cliend Site Caching...
- NTLM, MSCHAPv2, squid & freeradius...
- Avoiding uid conflicts between rfc2307 user/groups and computers
- Upgraded a member server to 4.8, rfc2307 data?
- [OT?] passing group name with spaces to ntlm_auth...