Issue with Non-Domain Computers Accessing Shares

We have a fairly simple Active Directory network (2008 R2).

Because we are a software developer, we have a very mixed environment (Macs, non-domain laptops, test machines, etc.).

We have network shares spread across a number of servers and NAS devices. To make things easier for users, we have set up a DFS to consolidate the shares. DFS is hosted on one of the domain controllers.

And here is where things get weird.

When a domain user (on a machine which is not a member of the domain) attempts to access a network share, they get challenged (the workstation can be Windows, Mac, etc.).

Unfortunately, if they forget to include the domain prefix (which is most of the time), but the username and password are correct, the domain controller accepts the login and they can see the DFS share list. However, whenever they attempt to access one of the DFS shares that doesn't exist on one of the domain controllers, they get a rejection that they don't have access. They will not get prompted for their credentials again until they reboot their machines.

Is there any way to have the domain controllers reject logins that don't include the correct domain name?

(It's odd that the domain controller accepts the invalid credentials!)

Anyone?  While I still have hair on my head?





June 19th, 2015 6:41pm
