Error:Currently there are no authentication server available

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,
I want to protect all my servers from the Internet and for filesharing/samba
(port 139&445) I want to use a SSL tunnel that redirects these traffic to
the actual server.

After a network client starts the SSL session and we can access all our
shared resources from the LAN. It works very well with AD 2000 domain
controller used fo authentication for domain users.

If user is logged-in from cached credential in the same domain on which the
shareserver is running then we are getting the error "Currently there are no
authentication server available". Whereas same thing works properly from XP
and even from 2k Prof if I am loged-in from workgroup, local host or other
domain.

Its very urgent for us to solve this issue any help is greatly appreciated.

Thanks,
Ashok

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Typically that means that users on those computers can not access a domain
controller which is needed for them to authenticate to the file server if it
is a domain member. Cached credentials only allow a user to logon and
accessed the local computer - not domain resources. This could be a dns
problem in that the client computers are not configured to use the domain
controller as their preferred dns server [never ISP dns server for domain
member] or can not contact it due to netwoking problem. You could use ping,
nslookup, and the support tool netdiag to troubleshoot such.

I am not sure why you are using ssl on file servers. A firewall is typically
used to protect internal computers from the internet and using ssl in itself
may not protect the file server, though ssl would encrypt the traffic from
the file server to the clients. Another approach to consider would be to use
ipsec in the domain to protect access to a file server and encrypt the
traffic if needed. Ipsec also has the advantage of requiring "computer"
authentication if negotiation [ESP/AH] is used. However only W2K/XP
Pro/W2003 computers are ipsec capable. If you consider ipsec be sure to test
it out thoroughly first and be sure to exempt domain controllers for ipsec
protected traffic between domain members and domain controllers. --- Steve


"Ashok Mishra" <akmishra@safenet-inc.com> wrote in message
news:%23cg1EZiAFHA.4044@TK2MSFTNGP10.phx.gbl...
> Hi,
> I want to protect all my servers from the Internet and for
> filesharing/samba
> (port 139&445) I want to use a SSL tunnel that redirects these traffic to
> the actual server.
>
> After a network client starts the SSL session and we can access all our
> shared resources from the LAN. It works very well with AD 2000 domain
> controller used fo authentication for domain users.
>
> If user is logged-in from cached credential in the same domain on which
> the shareserver is running then we are getting the error "Currently there
> are no authentication server available". Whereas same thing works
> properly from XP and even from 2k Prof if I am loged-in from workgroup,
> local host or other domain.
>
> Its very urgent for us to solve this issue any help is greatly
> appreciated.
>
> Thanks,
> Ashok
>
>
>
>