Hi together,
i have problems to accomplish the following task:
We have a Domain based DFS Namespace (2008) with some targets to Windows Server 2008 R2 File Servers. The Namespace is hold by the Windows 2008 R2 Domain Controllers. AD Functional Levels are 2008 R2.
Mapping and accessing from Domain Member Computers works fine as expected.
Now we need to provide Users with Non-Domain Member Computer access to the Namespace / File Services. My Idea was to have a local User with the same Username + Password as in the Active Directory, so the User won't get a password prompt.
So if i do a "net use m:\\fs01.domain.local\share /user:domain\%username%" the mapping is successfull and i have the correct access. Same thing with "net use m:\\domain.local\namespace\target /user:domain\%username%". Perfect so far!
If i do a "net use m:\\domain.local\namespace /user:domain\%username%" the mapping is also successful and i see the targets, but when i double-click a target, i get an "Logon Failure: Unknown Username or Bad Password". In the File Server's Security Event Log ID 4625 is logged (NULL SID and 0xc000006d / 0xc0000064, Logon Process NtLmSsp)
To wrap up:
- Mapping the File Server's Share or the Namespace Target --> Everything's fine!
- Mapping the DFS Namespace --> Logon Failure
- net use\\fs01.domain.local\share /user:domain\%username%
- net use m:\\domain.local\namespace /user:domain\%username%
Now i have two workarounds:
1. I commit the Password -> "net use m:\\domain.local\namespace Password /user:domain\%username% (-> This is not really practicable)
2. I first do a net use to the target without a drive letter and then a net use to the namespace with drive letter:
For me it seems that with mapping only the namespace there will be no valid ticket to access the file server target. Making this "Double Mapping" as described in Workaround 2 i have a valid ticket for the namespace and the taregt…
Is there a possibility to get this working without the double mapping?
Any tipps or hints appreciated!
Thanks! Johannes