Win2003 domain and clients

Geckoloco

Hi all,

I went to a client this week to see their system architecture and I was
surprised by the configuration. Let me explain:

The server is a Win2003 with AD (domain name "example.local") and all
the user accounts were configured. Seems OK to me.
But when I went on a user's computer, it wasn't declared on the domain
but was configured in a workgroup called "example.local".
Never seen this...
The client did access the server's share with her account (the same
that was configured on the server).

How is this possible? I thought the clients had to be on the domain to
access the server.
Could someone explain this configuration to me, please?

Thanks.
 
Geckoloco

Brandon McCombs wrote:
Anyone can access a server share as long as they have the right to do
so. The right being defined by the ACLs on the server share. Being that
the clients aren't on the domain, though, the users will have to
authenticate before they access any domain resource. Sounds like both
you and your client need to learn a bit more about ADS, especially your
client since they have no idea how to set up a domain properly. Access to
server shares is a basic function of a domain (and workgroup for that
matter).

Thanks for the answer.
I knew that users must authenticate on the server to access the shares
but I didn't know this type of configuration.
- If the client didn't have the same workgroup name as the domain,
the user would have to authenticate the first time he accesses the share,
right? (As opposed to now, where they just open their session and it works.)
- What's the use of naming the workgroup the same as the domain? I
don't get it.
- Do groups work for defining share access in this type of
configuration? (Server alone in the domain and clients in a workgroup.)

I have already configured AD with DNS, DHCP, etc. with clients declared in the
domain, but this config makes me sceptical. The AD is useless in this case,
they could've configured the users without AD, am I correct?
 
Hank Arnold (MVP)

The workgroup name was not important. Having the same name as the
domain *could* have some negative impacts, but what made it work was
that the user name/account & password were the same as the domain user
name/account & password. When you try to access a network resource,
Windows automatically sends the username and password used to log on to
the server handling the resource. If it matches the credentials on the
server, it then allows access per the security settings.

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
Meinolf Weber

Hello Geckoloco,

It doesn't matter if the workgroup name is the same as the domain name. The authentication
to the domain also works if the machine is not a domain member, as you can
see with the share access. What is important is the correct username/password for
the domain account, and you can log in.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Geckoloco

Good. This clarifies the situation.
There's a lot of work to get all this rollin' back correctly.
Thanks.
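
An added example, not written by any poster in this thread: a PowerShell check, run locally on a workstation, that separates a real domain member from a workgroup machine that merely carries the domain's name, and shows which account the session and its share connections use. The function name `Get-DomainJoinState` is hypothetical; `example.local` is the domain name given in the thread.

```powershell
# Added example, not from the thread. Get-DomainJoinState is a hypothetical name.
function Get-DomainJoinState {
    param([string]$ExpectedDomain = 'example.local')  # domain name from the thread

    $cs = Get-WmiObject -Class Win32_ComputerSystem

    # On a workgroup machine, Domain holds the workgroup name, so a matching
    # name proves nothing. PartOfDomain is the real membership signal.
    $nameMatches = ($cs.Domain -ieq $ExpectedDomain)
    if ($cs.PartOfDomain) {
        $state = if ($nameMatches) { 'DomainMember' } else { 'MemberOfOtherDomain' }
    } else {
        $state = if ($nameMatches) { 'WorkgroupNamedLikeDomain' } else { 'Workgroup' }
    }

    # A local logon has USERDOMAIN equal to the computer name. Silent share
    # access then depends on the local name and password matching a domain
    # account, as described in the thread.
    $localLogon = ($env:USERDOMAIN -ieq $env:COMPUTERNAME)

    # Shares connected in this session and the account used for each.
    $shares = @(Get-WmiObject -Class Win32_NetworkConnection |
        ForEach-Object { '{0} as {1}' -f $_.RemoteName, $_.UserName })

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        DomainOrGroup = $cs.Domain
        PartOfDomain  = $cs.PartOfDomain
        State         = $state
        LocalAccount  = $localLogon
        LoggedOnAs    = "$env:USERDOMAIN\$env:USERNAME"
        ShareSessions = $shares
    }
}

Get-DomainJoinState -ExpectedDomain 'example.local' | Format-List
```

A `State` of `WorkgroupNamedLikeDomain` together with `LocalAccount = True` is the configuration described in the first post: such machines receive no Group Policy and are candidates for a proper domain join.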
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top