General discussion


Workgroup PC to access Domain sharepoint

By rlmink ·
I work for a family owned business which has two companies. The two companies are located in the same facility. Company A has a MS Domain with two 2003 servers. Company B has multiple MS workgroups and UNIX. The evolution of the two networks occurred over time. Up until a couple of years ago the two did not have any data communications between each other. Then 2 LINUX firewalls were installed. The one at Company B to provide security to Company B?s workgroups and access between the two companies.

An evolving SQL application at Company A has also been installed on some PCs at Company B. It is developed by the brother of the owner, who works from Canada and occasionally comes on site in Ohio. A new function was added which writes/reads data from Word documents stored in a shared folder in the Company A domain. For users in Company A, specific permissions restrict access control to files in the folder. The user in Company B requires write/read access to the shared folder also. I have tested a few methods to grant access. The only way any form of access could be provided was by using the administrator account from the domain. If I created a new userid and had it be a member of the administrator group it would map a drive letter, but not grant access.

The examples which worked would not permit an unattended mapping for reoccurring logons. I do not want to provide an end user with the password to the administrator account, but I can not resolve the issue otherwise.

If I map a drive via the File Explorer using the connect as with \\domain\administrator with the ?reconnect at logon? selected, when I logon again it requests the password. I have used the IP address instead of the domain name which produced the same results. The NET USE command will work but the password is in plain text.

Any suggestions?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by p.j.hutchison In reply to Workgroup PC to access Do ...

The user will require a domain username and be a member of relevant groups to access the files and can access using explorer or net use command if they provide domain\username and password.

Collapse -

by rlmink In reply to Workgroup PC to access Do ...

Thanks for the response.

As I was exploring a solution, I had come across the same solution. I had first tested with an NT 4.0 PC on my side of the firewall and on Company B's side. For NT this was working fine. The PC in Company B is a W2K PC. As many of you may know, security is different starting with W2K. The firewall was denying access to Company A. The more testing and the use of Ethereal LAN analyzer shed more light on the access denial. Our firewalls are on LINUX boxes using Shorewall. As of last Friday, I had success by including a AllowSMB statement. From my consolidated LINUX log of REJECTS & DROPS this morning, there were rejected packets for Domain (udp/53) and Kerberos (udp/8. I'll check on these exceptions for data exchanges to eliminate as many errors as possible. For all I know the AllowSMB may have taken care of the issue. My LINUX skills are minimal.

Once again thanks for your answer. I am using the 'net use' command with the option /persistent:no. This way when the user logs on, the drive mapping does not occur prior to a logon script's execution. I noticed behavior while testing. The 'net use' command's default for /persistent:{yes|no} is yes. It forces the user to manually enter the password for the userid in the domain, which something I do not want the user to do or know.

Related Discussions

Related Forums