Windows Security

Old 12 June 2001 | 02:43 PM
  #1  
David_Wallis
Thread Starter
Scooby Regular
 
Joined: Nov 2001
Posts: 15,239
Likes: 1
From: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Post

Yeah, true!! But I know what I meant...

I just can't type properly.... I was referring more to the fact that they can't have a trust and the Microsoft domain model has the flaw in it that if two identical accounts exist across domains then you are effectively trusted to access resources on the other domain...

I omitted the fact that he was using a Windows 98 user, and not authenticated to the first domain anyway.. (me being stupid..)

David

[Edited by David_Wallis - 12/6/2001 1:44:09 PM]
Old 06 December 2001 | 11:06 AM
  #2  
BigGT3Fan
Scooby Regular
 
Joined: Jul 2001
Posts: 464
Likes: 0
Post

Hi,

Am having a problem allowing a Windows 98 user to connect to a printer in a separate domain.

We are all developing in Domain A, printer is in Domain B.

All the Windows 2000 users can access the printer as \\Server\PrinterName and are correctly challenged for a username and password, they can enter this and connect even though there is no trust between the domains.

Trouble is the Windows 98 user is only prompted for a password, not user name as well, any ideas how to get him onto the printer?

TIA,



Alex
Old 06 December 2001 | 11:36 AM
  #3  
ChrisB
Moderator
 
Joined: Dec 1998
Posts: 23,573
Likes: 0
From: Staffs
Post

Is there a user account with exactly the same username and password as the Win98 user in the other domain?

If not, try creating one and see what happens.
Old 06 December 2001 | 01:20 PM
  #4  
chiark
Scooby Regular
 
Joined: Jun 2000
Posts: 13,735
Likes: 0
Post

Windows 9x security model is an oxymoron: there is no reliable security model in it.

Win98 file sharing relies on a password to access shares (think about file sharing dialog, and you can provide a file share read and write password, not a user name). This is what MS has implemented in its client.

Logging onto a domain on the Win95 client should sort this, then give the domain user permissions...
Old 06 December 2001 | 01:21 PM
  #5  
chiark
Scooby Regular
 
Joined: Jun 2000
Posts: 13,735
Likes: 0
Post

Sorry, just re-read the question: set up a trust relationship between the domains.
Old 06 December 2001 | 02:09 PM
  #6  
BigGT3Fan
Scooby Regular
 
Joined: Jul 2001
Posts: 464
Likes: 0
Post

We can't have a trust relationship, that's the problem.

I need a way to 'bridge' the lack of trust relationship using a specific user's credentials on the connection (I suspect this may not be possible but if anyone knows different?)

Ta anyway,




Alex
Old 06 December 2001 | 02:15 PM
  #7  
Ga22ar
Scooby Regular
 
Joined: Dec 2001
Posts: 436
Likes: 0
Post

Is the printer physically connected to the NT/W2K server in the other domain or is it a network connected printer?

If it's the latter you should be able to throw a connection directly to it from the Win9x machine - depending on the protocol in use.

cheerio
Old 06 December 2001 | 02:33 PM
  #8  
BigGT3Fan
Scooby Regular
 
Joined: Jul 2001
Posts: 464
Likes: 0
Post

It is a network printer, the problem is that the 98 user is challenged to enter only a password, not both username & password :-(


Alex
Old 06 December 2001 | 02:35 PM
  #9  
David_Wallis
Thread Starter
Scooby Regular
 
Joined: Nov 2001
Posts: 15,239
Likes: 1
From: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Post

If you create identically named accounts with identical passwords it will trust you in the other domain, without needing a trust relationship in place.

David
Old 06 December 2001 | 02:36 PM
  #10  
ChrisB
Moderator
 
Joined: Dec 1998
Posts: 23,573
Likes: 0
From: Staffs
Post

Didn't I say that right up there?
Old 06 December 2001 | 02:40 PM
  #11  
David_Wallis
Thread Starter
Scooby Regular
 
Joined: Nov 2001
Posts: 15,239
Likes: 1
From: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Post

Could also try setting the printer as a null session share.. (don't know whether it would work on a printer, but worth a try)

Go to the server that the printer is shared on, say the printer is shared as Laser01, then do the following:

Using Regedt32

Locate the following key:

HKEY_LOCAL_MACHINE\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares

and add the share name (ie. Laser01) on the end... probably after dfs$

David
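
Added example, not part of the original post: a Python check that parses `reg query` output for the LanmanServer `Parameters` key and reports which shares are reachable by null sessions beyond an expected baseline. The sample output is constructed, the baseline set and function names are assumptions, and the key path is written in full as `reg query` prints it.

```python
import re

# Constructed sample of `reg query` output for the LanmanServer
# Parameters key (not captured from a real server). reg.exe prints
# REG_MULTI_SZ entries joined by a literal "\0".
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    NullSessionPipes    REG_MULTI_SZ    COMNAP\0COMNODE
    NullSessionShares    REG_MULTI_SZ    COMCFG\0DFS$\0Laser01
    RestrictNullSessAccess    REG_DWORD    0x1
"""

# Assumed baseline: entries expected on this server before any change.
BASELINE_SHARES = {"COMCFG", "DFS$"}

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)(?:\s+(.*))?$")


def parse_reg_query(text):
    """Return {value_name: parsed_data} for one `reg query` key listing."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, kind, data = m.group(1), m.group(2), (m.group(3) or "").strip()
        if kind == "REG_MULTI_SZ":
            values[name] = [s for s in data.split("\\0") if s]
        elif kind == "REG_DWORD":
            values[name] = int(data, 16)
        else:
            values[name] = data
    return values


def audit_null_sessions(text, baseline=BASELINE_SHARES):
    """Report shares open to unauthenticated sessions beyond the baseline."""
    v = parse_reg_query(text)
    shares = v.get("NullSessionShares", [])
    known = {b.lower() for b in baseline}
    unexpected = [s for s in shares if s.lower() not in known]
    # RestrictNullSessAccess = 0 switches the allow-list off, so every
    # share is open to null sessions. A missing value is treated here
    # as restricted (assumption: the default of 1 applies).
    restricted = v.get("RestrictNullSessAccess", 1) != 0
    return {"restricted": restricted, "shares": shares, "unexpected": unexpected}


if __name__ == "__main__":
    print(audit_null_sessions(SAMPLE))
```
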
Old 06 December 2001 | 02:58 PM
  #12  
Ga22ar
Scooby Regular
 
Joined: Dec 2001
Posts: 436
Likes: 0
Post

Well it's not really a flaw - it's just that if you present the same user name and password to another domain that has the same account/password combination you would be authenticated..

This is pretty common on any authentication medium that relies only on a username/password combination..

Back to the Win9x issue, the client will present its authentication details to the domain - Win9x can't impersonate another user in the "connect as" vein so really you're a little stuffed if you want to authenticate the user against a SAM from a different domain without a trust in place..

Only way to do this (and I mean get printer functionality, not authentication) is to connect directly to the printer.

cheerio
Old 07 December 2001 | 12:48 AM
  #13  
rich101
Scooby Regular
 
Joined: Dec 2000
Posts: 338
Likes: 0
Post

How is the printer connected to the network? This has a bearing on what your options are...

If it uses a JetDirect card/box you can just install the HP JetDirect Print Direct (the name is something like that! It is available for download or on the JetDirect CD) app and print directly to the IP address of the print device. This bypasses all Domain/Security problems, by taking the Print Job straight over the network. Not ideal as the Win98 workstation is having to act as the printer queue instead of handing the print job off to a server.

If not then create a user account called `BOB` on Domain 2 and remove all rights to newly created user leaving Domain User only and use the username `BOB` when the login screen appears on the Win98 client. When Win98 tries to connect to the printer just enter the password assigned when you created the account.

Another option is to add the Everyone group to the NT print device security tab.

Hope this helps

Rich
All times are GMT +1.