Environment
Microsoft Windows Server 2003
Microsoft Windows XP Professional
Situation
CIFS Domain Pass Through Authentication process
CIFS Local Authentication process
Resolution
CIFS Domain Pass Through Authentication process:
In Domain Pass Through Authentication process authentication is performed by the Domain Controller and not by the eDirectory. When CIFS is configured for Domain Authentication user credentials are simply passed to the Domain Controller and Domain controller returns a positive or negative response.
If a positive response is received user is then looked up in eDirectory to determine file system rights. In a nutshell in Domain Authentication process authentication is done by Domain Controller. However, file system rights are determined by eDirectory.
Once the file system rights are determined by the eDirectory the user is able to map the share to which user has the access.
CIFS Local Authentication process:
In Local Authentication process user is authenticated by eDirectory. When the user provide the credentials it is then looked up the by the eDirectory in “sys:\etc\cifsctxs.cfg” file. If the user's OU is listed in that file then the user is authenticated and the rights are assigned through NMAS eDirectory authentication
Additional Information
- In Domain Pass Through Authentication method make sure that the user has the same user name and password in Active Directory as well as in eDirectory.
- In Local Authentication method make sure that the user's OU is listed in “sys:\etc\cifsctxs.cfg” otherwise user will not be able to authenticate.
- Following are the examples of entries in "cifsctxs.cfg" file: o=abc or .ou=xyz.o=abc.