Domain Authentication

  • Thread starter Thread starter Paul
  • Start date Start date
P

Paul

Hi.

I have a question that maybe someone has a suggestion for.

I have 15 remote sites that all verify their domain
registration to my corporate office across the VPN.

they have a server (stand alone) in their office and they
connect to it via shares setup on the box.

however, if the network connection goes down in the
office, they can still login to the domain accounts on the
workstations, but they can't acess the shares.. the
workstation reports that there is no domain controller
available to validate login requests.

Without giving everyone local accounts to login to, how
would you all reccomend i get around this? Is there a
policy in the GPO i can establish that will cache
credentials for a person logging into a server.

Any advise is most helpful

Thank you.

Paul
 
No there is not. When a DC can not be contacted cached credentials will just
allow a user to logon to the local machine as you describe. One solution would
be to put a domain controller at each remote site and configure sites so that
replication would take into account slower wan links. The domain controller of
course should be physically secured and could be managed remotely via Terminal
Services Remote Administration. --- Steve
 
Ok. just wanted to be sure.. what bout using a modem..
can't the server dial out to a RAS to validate the user.

a DC in each office would be an administrative nightmare..
and too expensive.

has anyone used a modem like that before?
 
I suppose that should work as a backup plan. As long as the user can authenticate to
a domain controller. You could try a demand dial ras connection. You may want to post
in the win2000.active_directory or ras_routing newsgroup to see if anyone over there
have had luck trying that and configuration tips. --- Steve
 
Back
Top