AD Permissions Issues

  • Thread starter Thread starter ALParada
  • Start date Start date
A

ALParada

I'm having problems with permissions and authentication. The user I am using
is a member of the Domain Admins. Essentially both apps I am trying to use
are having problems using the credentials supplied. They both require Domain
Admins and when the credentials are entered it comes back with wrong user or
password. I have reentered the credentials numerous times so that is not it.
There are two different applications that are on two different member
servers that are part of the domain. I can map to \\dc1\c$ from the servers
but only if I use the name and not the ip address. In other words \\dc1\c$
works but \\192.168.1.1\c$ prompts for a username and password and doesn't
accept it when entered. I tried removing and adding the servers back to the
domain but that didn't help. I ran a netdiag /fix from the member server and
came back with: [FATAL] Cannot do NTLM authenticated ldap_bind to
'dc1.xyz.com': Invalid Credentials. Don't really know if it is suppose to
pass or not, just don't know what to do next. Any suggestions would be
greatly appreciated.

TIA
 
Don't know if netdiag /fix can be run on a non-DC.

So the problem seems to be that you cannot connect to certain resources? Or
that you cannot map to a share with differing credentials?

Can you clarify your problem?


Either way, try the following (from one of the member servers) and let use
know the results:

nltest /sc_verify:domainName.com
nltest /dsgetdc:domainName.com



--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


I'm having problems with permissions and authentication. The user I am using
is a member of the Domain Admins. Essentially both apps I am trying to use
are having problems using the credentials supplied. They both require Domain
Admins and when the credentials are entered it comes back with wrong user or
password. I have reentered the credentials numerous times so that is not it.
There are two different applications that are on two different member
servers that are part of the domain. I can map to \\dc1\c$ from the servers
but only if I use the name and not the ip address. In other words \\dc1\c$
works but \\192.168.1.1\c$ prompts for a username and password and doesn't
accept it when entered. I tried removing and adding the servers back to the
domain but that didn't help. I ran a netdiag /fix from the member server and
came back with: [FATAL] Cannot do NTLM authenticated ldap_bind to
'dc1.xyz.com': Invalid Credentials. Don't really know if it is suppose to
pass or not, just don't know what to do next. Any suggestions would be
greatly appreciated.

TIA
 
Sc_verify doesn't seem to be a good command. I tried sc_query and dsgetdc,
and they both completed successfully.

To clarify the problem: I am trying to use two different pieces of software.
They both need domain admin privilidges to work. One software ask for the
credentials and says user name or password is wrong . The other software
tells me unknown user name or password. Now add this to the fact when I do a
\\ipaddress\c$ I get prompted for username and password even though I am
logged in to the domain and using an admin account. When I enter the
credentials it just prompts me again, in other words it doesn't accept them.

Thanks
 
When you get prompted for user credentials is there a box for the domain?

I can't really understand what the problem is. At what point do the
applications fail? Are they services running with domain credentials?

I would enable auditing of logon events if it isn't already and investigate
the security log for more info.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


Sc_verify doesn't seem to be a good command. I tried sc_query and dsgetdc,
and they both completed successfully.

To clarify the problem: I am trying to use two different pieces of software.
They both need domain admin privilidges to work. One software ask for the
credentials and says user name or password is wrong . The other software
tells me unknown user name or password. Now add this to the fact when I do a
\\ipaddress\c$ I get prompted for username and password even though I am
logged in to the domain and using an admin account. When I enter the
credentials it just prompts me again, in other words it doesn't accept them.

Thanks


ptwilliams said:
Don't know if netdiag /fix can be run on a non-DC.

So the problem seems to be that you cannot connect to certain resources? Or
that you cannot map to a share with differing credentials?

Can you clarify your problem?


Either way, try the following (from one of the member servers) and let use
know the results:

nltest /sc_verify:domainName.com
nltest /dsgetdc:domainName.com



--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


I'm having problems with permissions and authentication. The user I am using
is a member of the Domain Admins. Essentially both apps I am trying to use
are having problems using the credentials supplied. They both require Domain
Admins and when the credentials are entered it comes back with wrong user or
password. I have reentered the credentials numerous times so that is not it.
There are two different applications that are on two different member
servers that are part of the domain. I can map to \\dc1\c$ from the servers
but only if I use the name and not the ip address. In other words \\dc1\c$
works but \\192.168.1.1\c$ prompts for a username and password and doesn't
accept it when entered. I tried removing and adding the servers back to the
domain but that didn't help. I ran a netdiag /fix from the member server and
came back with: [FATAL] Cannot do NTLM authenticated ldap_bind to
'dc1.xyz.com': Invalid Credentials. Don't really know if it is suppose to
pass or not, just don't know what to do next. Any suggestions would be
greatly appreciated.

TIA
Click to expand...
 
Back
Top