Error:Currently there are no authentication server available

A

Ashok Mishra

Hi,
I want to protect all my servers from the Internet and for filesharing/samba
(port 139&445) I want to use a SSL tunnel that redirects these traffic to
the actual server.

After a network client starts the SSL session and we can access all our
shared resources from the LAN. It works very well with AD 2000 domain
controller used fo authentication for domain users.

If user is logged-in from cached credential in the same domain on which the
shareserver is running then we are getting the error "Currently there are no
authentication server available". Whereas same thing works properly from XP
and even from 2k Prof if I am loged-in from workgroup, local host or other
domain.

Its very urgent for us to solve this issue any help is greatly appreciated.

Thanks,
Ashok
 
S

Steven L Umbach

Typically that means that users on those computers can not access a domain
controller which is needed for them to authenticate to the file server if it
is a domain member. Cached credentials only allow a user to logon and
accessed the local computer - not domain resources. This could be a dns
problem in that the client computers are not configured to use the domain
controller as their preferred dns server [never ISP dns server for domain
member] or can not contact it due to netwoking problem. You could use ping,
nslookup, and the support tool netdiag to troubleshoot such.

I am not sure why you are using ssl on file servers. A firewall is typically
used to protect internal computers from the internet and using ssl in itself
may not protect the file server, though ssl would encrypt the traffic from
the file server to the clients. Another approach to consider would be to use
ipsec in the domain to protect access to a file server and encrypt the
traffic if needed. Ipsec also has the advantage of requiring "computer"
authentication if negotiation [ESP/AH] is used. However only W2K/XP
Pro/W2003 computers are ipsec capable. If you consider ipsec be sure to test
it out thoroughly first and be sure to exempt domain controllers for ipsec
protected traffic between domain members and domain controllers. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Auth problem with WinXp client and 2000 AD user if logged-in from cached credential 1
Problem with user authentication (2000<->NT) 1
authentication problem 12
DCOM Autho Error 529 and 681 with Default Authentication Level = N 1
Event ID 5719 No windows NT or windows 2000 domain controller is available ... 1
How to implement mixed asp.net authentication 1
Integrated Windows Authentication 1
Making printer queue available without authentication 1

Top