Authentication across 2 domains

I have a workstation that belongs to a domain that I have no control
over. I want that workstation to log into another domain that I
control. I can see the WS hitting the domain, the dialog for the
authentication doesn't show my domain, and I can't think of any reason
why it won't log in. Valid UN and PW are being used, and I've even
tried adding the WS to the list of computers in the PDC to make sure,
but still to no avail.

The only device between our networks are the firewall I have no control

over. The firewall is allowing all ports to be forwarded if that
helps.

I've mapped a drive to a web server on my network from that WS, but I
can't map a drive to the PDC on the same network.

What am I not doing right?

Any help is appreciated.

Red_Foreman

Hi,

I didn't totally understand the description of your problem.

Does user get the prompt for username and password when he/she tries to
access the hard drive? If yes, instruct the user to enter

domain\username

in Username part of the box where "domain" is netbios name of your domain
and username is a valid username account in your domain... Also instruct the
user to enter correct password for the user account in your domain.

--
Mike
Microsoft MVP - Windows Security

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>I have a workstation that belongs to a domain that I have no control
> over. I want that workstation to log into another domain that I
> control. I can see the WS hitting the domain, the dialog for the
> authentication doesn't show my domain, and I can't think of any reason
> why it won't log in. Valid UN and PW are being used, and I've even
> tried adding the WS to the list of computers in the PDC to make sure,
> but still to no avail.
>
> The only device between our networks are the firewall I have no control
>
> over. The firewall is allowing all ports to be forwarded if that
> helps.
>
> I've mapped a drive to a web server on my network from that WS, but I
> can't map a drive to the PDC on the same network.
>
> What am I not doing right?
>
> Any help is appreciated.
>
> Red_Foreman
>

That was one of the many variables tried.

If this helps, we were able to map a drive to a web server on our
network, but can't map a drive to the PDC on our network. That I guess
is a better explanation of the problem.

Thanks for your help.

Red_Foreman

In news:(E-Mail Removed) oups.com,
(E-Mail Removed) <(E-Mail Removed)> typed:
> I have a workstation that belongs to a domain that I have no control
> over. I want that workstation to log into another domain that I
> control. I can see the WS hitting the domain, the dialog for the
> authentication doesn't show my domain, and I can't think of any reason
> why it won't log in. Valid UN and PW are being used, and I've even
> tried adding the WS to the list of computers in the PDC to make sure,
> but still to no avail.
>
> The only device between our networks are the firewall I have no
> control
>
> over. The firewall is allowing all ports to be forwarded if that
> helps.
>
> I've mapped a drive to a web server on my network from that WS, but I
> can't map a drive to the PDC on the same network.
>
> What am I not doing right?
>
> Any help is appreciated.
>
> Red_Foreman

Did you see my replies to your other posts? Please don't multipost - if you
need to post to multiple groups, it's best to crosspost instead, by posting
a single message to a handful of relevant groups (separate the NG names with
commas) so that everyone can follow the thread. Thanks :-)

See http://www.blakjak.demon.co.uk/mul_crss.htm

newsgroup nazi... yeay!!

In news:(E-Mail Removed) oups.com,
red_foreman <(E-Mail Removed)> typed:
> newsgroup nazi... yeay!!

OK, so you think it's reasonable & fair to ask people who are freely
volunteering their time to help others, to inadvertently reproduce the work
that other people have already done in freely volunteering *their* time to
help others? That's what multiposting is doing.

sorry, veteran newbie, it went thru before I could get it back....

won't happen again...

In news:(E-Mail Removed) oups.com,
red_foreman <(E-Mail Removed)> typed:
> sorry, veteran newbie, it went thru before I could get it back....
>
> won't happen again...

It's not a venal sin, nor a capital crime. No worries, although I'm confused
by the oxymoron above.

I've been on newsgroups since the early 90s, but have been away for 2
years and have forgotten some netiquette....

If you can interpret this, this is the event log surrounding an
attempted drive mapping from another PC, located in another domain,
that is trying to map to a DC on my domain. When you see successful,
it's lying. There is no drive mapping. Ok, it may be authenticating,
but on the PC side, he gets denied, with no error, just a denial.
----------------------------------------------------
12/27/2005,1:19:00 PM,Security,Success Audit,Logon/Logoff
,538,PMAPATH\bc,PMADATA,"User Logoff:
User Name: bc
Domain: PMAPATH
Logon ID: (0x0,0x59A9AA1)
Logon Type: 3
-----------------------------------------------------------
12/27/2005 1:16:15 PM Security Success Audit Logon/Logoff
540 PMAPATH\bc PMADATA "Successful Network Logon:
User Name: bc
Domain: PMAPATH
Logon ID: (0x0,0x59A9AA1)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: PC14640
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.2.99
Source Port: 0
"
----------------------------------------------
12/27/2005 1:16:15 PM Security Success Audit Logon/Logoff
576 PMAPATH\bc PMADATA "Special privileges assigned to new logon:
User Name: bc
Domain: PMAPATH
Logon ID: (0x0,0x59A9AA1)
Privileges: SeTcbPrivilege
SeBackupPrivilege
SeCreateTokenPrivilege
SeSecurityPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
SeEnableDelegationPrivilege
SeAssignPrimaryTokenPrivilege"
--------------------------------------------
12/27/2005 1:16:15 PM Security Success Audit Account Logon
680 PMAPATH\bc PMADATA "Logon attempt
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: bc
Source Workstation: PC14640
Error Code: 0x0
"
-----------------------------------------------
12/27/2005 1:16:15 PM Security Success Audit Logon/Logoff 540 NT
AUTHORITY\ANONYMOUS LOGON PMADATA "Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x59A9A97)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: PC14640
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.2.99
Source Port: 0
----------------------------------------------------