SMB printer authentication by domain credentials

On our network, the Macs are set up to authenticate with Active Directory. Our printers are accessible through SMB shares from our Windows print server. Our help desk recently brought up an issue with this, though.
When users first try to print to a printer, they are shown a prompt asking for their username and password (http://imgur.com/j6fp7). Mac OS X fills in their pretty username ("John Smith") instead of their domain username ("smith"). Users assume this is correct, try to authenticate, and then call the help desk when the printer doesn't print their stuff.
As we've learned, the correct format for authentication is "DOMAIN\username", but since it's unintuitive, it almost always leads to a help desk call. Even worse, because the authentication isn't visibly rejected (the printer just won't print), the keychain will now store the user's incorrect credentials, leading to even more confusion. When you pile on our 270-day mandatory password reset policy, now the users' keychains have multiple sets of invalid credentials for the same printer, and they're calling back every several months about the same issue.
There are several ways to approach this, but I'm not sure which would be best. I've been trying to Google up a solution, but no luck. Is there any way to get Mac OS X to show the prompt with the domain field instead (http://students.jccc.edu/documents/images/osx-smb_login.jpg)?

Hello and welcome to Apple Discussions.
I don't have a solution but a suggested workaround. Instead of using SMB to connect to the Windows shared printers, you could enable Unix Print Services on the Windows print server and then use LPR for the Mac print queues. This avoids the need for the Mac users to authenticate when printing.
With the Mac client the LPR queue would consist of entering the Windows server name or IP address for the host name and the Windows printer share name for the LPR queue.

Similar Messages

  • Printing to a Windows Shared Printer in Windows Domain Stopped Working

    If anybody can shed some light on the problem below I would be highly appreciative. I have tried every suggestion I've found on ways to fix this problem, including postings found on this forum, without success.
    I used to be able to print to a shared HP LaserJet printer on a Windows 2003 Server machine, which is part of a Windows 2003 domain. It has been working faultlessly until about 2 weeks ago. I have had a number of errors, including being unable to connect, but the error I get constantly now is:
    "Unable to connect to SAMBA host, will retry in 60 seconds...ERROR: Connection failed with error NTSTATUS_NOMEMORY"
    I have reset the password of the windows user that originally made the connection when the computer was set up and this password had special characters. After reading various posts I have tried:
    1. Resetting that user's password without special characters, deleting the printer and adding it back in using the same user and the new password. The same user can map and connect to Windows shared directories on the same server and open and edit files.
    2. I have reset the Keychain to make sure it was using the new password. Again deleted and re-added the printer.
    3. Created a new user both on the domain and on the print server, deleted and re-added the printer using each user while also resetting the keychain.
    4. Tried the Advanced option on the Printer Setup Utility using the following SMB URL format,
    smb://user:pass@Domain/Machine/Printer where, the domain is called "home", the machine name is "Devserver01" and the printer share name is "HPLaser" resulting in a smb URL of smb://shanep:xxxxx@Home/Devserver01/hplaser.
    None of the above work!
    So as a new MAC user I have absolutely no other ideas of where to look for additional information on what is happening i.e. where do you look for log files that may contain additional detail.
    Can anybody assist on suggesting any other things to look for or check?
    Thanks
    Shane

    Hi Greg,
    Thanks for the tips. I have just managed to get it working and I didn't use the LPD method but tried a few different SMB URIs.
    Here's what I found worked.
    1. I created a standard user account on the Windows 2003 server on which the printer is connected and shared, i.e. a non Domain user name that is local to the server only and not the domain
    2. I then used this user name and password, along with the IP address of the server in the URL i.e.
    smb://user:password@IPofserver/hplaser.
    3. Printed a test page successfully
    I then tried variations of a theme using username and passwords on the domain, changing the @workgroup/server/printer with no success.
    I could however replace the IP address with simply the @Server/Printer combinations using the local user name and password successfully.
    I also installed Apple and Unix printing and file services, so whether this made the difference I'm not sure.
    Interestingly I tried to add the Mac to the LDAP/Active Directory and couldn't successfully bind to the directory. Not that I'm an AD expert, but I have configured a few Java applications to use LDAP/AD authentications and groups of late so this problem is a little unusual, but that aside, thanks for the pointers. Printing problem solved. Now to solve the AD one.
    Shane
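
Both SMB URL forms in this thread put the account password in the printer's device URI, and the first post on this page describes the display name ("John Smith") being sent where an account name is expected. As an added example that is not part of the original posts, the sketch below audits printers.conf-style `DeviceURI` lines for those two conditions and redacts the password for reporting. The sample file is constructed; `printsrv01`, `EXAMPLE`, the queue names other than the thread's own URL, and all function names are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample in the layout of a CUPS printers.conf file.
# The first URI is the one quoted in the thread; the rest are made up.
SAMPLE_CONF = """\
<Printer HPLaser>
DeviceURI smb://shanep:xxxxx@Home/Devserver01/hplaser
</Printer>
<Printer Front_Office>
DeviceURI smb://John%20Smith:xxxxx@printsrv01/frontoffice
</Printer>
<Printer Lab>
DeviceURI smb://EXAMPLE%5Csmith:xxxxx@printsrv01/lab
</Printer>
<Printer Mailroom>
DeviceURI lpd://printsrv01/mailroom
</Printer>
"""


def parse_printers(conf_text):
    """Return [(queue_name, device_uri)] from printers.conf-style text."""
    printers, name = [], None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(("<Printer ", "<DefaultPrinter ")):
            name = line.split(None, 1)[1].rstrip(">")
        elif line.startswith("DeviceURI ") and name:
            printers.append((name, line.split(None, 1)[1]))
        elif line.startswith("</"):
            name = None
    return printers


def audit_uri(uri):
    """Split a device URI and list credential-hygiene findings for it."""
    parts = urlsplit(uri)
    # Take the host from netloc by hand: urlsplit().hostname lowercases it.
    userinfo, _, host = parts.netloc.rpartition("@")
    segments = [unquote(s) for s in parts.path.split("/") if s]
    report = {"scheme": parts.scheme, "user": None, "findings": [], "redacted": uri}

    # smb://workgroup/server/share versus smb://server/share
    if parts.scheme == "smb" and len(segments) >= 2:
        report.update(workgroup=host, server=segments[0], share=segments[1])
    else:
        report.update(workgroup=None, server=host,
                      share=segments[0] if segments else None)

    if userinfo:
        raw_user, has_password, _ = userinfo.partition(":")
        user = unquote(raw_user)
        report["user"] = user
        if has_password:
            report["findings"].append("password stored in DeviceURI")
            report["redacted"] = f"{parts.scheme}://{raw_user}:***@{host}{parts.path}"
        if " " in user:
            report["findings"].append("username looks like a display name")
        elif "\\" not in user and report["workgroup"] is None:
            report["findings"].append("username has no DOMAIN\\ prefix")
    return report


def audit_conf(conf_text):
    """Audit every queue; returns {queue_name: report}."""
    return {name: audit_uri(uri) for name, uri in parse_printers(conf_text)}


if __name__ == "__main__":
    for queue, rep in audit_conf(SAMPLE_CONF).items():
        print(queue, rep["redacted"], rep["findings"])
```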

  • ISE EAP-Chaining with machine, certificate and domain credentials

    Good morning,
    A customer wants to do the following for their corporate wireless users (all clients will be customer assets):
    Corp. wireless to authenticate with 2-factor authentication:
    •1. Certificate
    •2. Machine auth thru AD
    •3. Domain creds
    When client authenticates, they want to match on 2 out of the 3 conditions before allowing access.
    Clients are Windows laptops and corporate iPhones.
    Certs can be issued thru GPO and MDM for iPhones
    Client supplicant on laptops is native Windows - which I understand is a compatibility issue from this thread: https://supportforums.cisco.com/thread/2185627
    My first question is: can this be done?
    Second question: how would i implement this from an AuthC/AuthZ perspective?
    Thanks in advance,
    Andrew

    You can do this by configuring AnyConnect with NAM modules on endpoints! But it doesn't make sense to me to configure some clients with certificates and others with domain credentials...
    For your information, I'm actually configuring EAP-Chaining on ISE 1.2 and I'm getting some problems. The first one I got with Windows 8: for some reason Windows was sending wrong information about the machine password, but I solved the problem by installing a KB on Windows 8 machines (http://support.microsoft.com/kb/2743127/en-us). The second one I got with Windows 7 machines, which are sending correct information about the domain but wrong information about user credentials; in the ISE logs I can see that Windows 7 is sending user "anonymous" + machine name on the first login... After Windows 7 starts, if I remove the cable and connect again, the authentication and authorization happen correctly. I am still investigating the root cause and whether there is a KB to solve the problem as I did with Windows 8.
    Good luck and keep in touch.
    http://support.microsoft.com/kb/2743127/en-us

  • PEAP authentication for domain & non-domain computers

    Hello Everyone,
    Some of our users have laptops that are not in the domain and are unable to connect to the wireless network. Although their computers aren't in the domain, the users do have an AD account and are currently a part of the security group attached to the Wireless NPS policy. The only remedy I have for this problem is to manually add the SSID to their computer which defeats the purpose of this wireless network. The ultimate goal is to allow the user to connect to the wireless network by entering their domain credentials and moving on.
    We have a WLC 2504 running 7.4.110.0 with 15 1602i APs. The SSID is configured to pass 802.1x EAP authentication to NPS running on windows 2008 R2. With mobile phones and tablets, the authentication is successful without a hitch so I don't understand why a non-domain computer is unable to connect without manually entering the SSID. In the WLC log, I will see entries such as:
    "AAA Authentication Failure for UserName:host/LastNameFirstInitial-LT.mydomain.Local User Type: WLAN USER".
    By examining this log entry, to me it says the domain profile on the computer is being sent to the NPS for authentication instead of the username and password. We have a  3rd party SSL certificate installed on the NPS server. 
    Taking it one step further - We have a second SSID for guest users that is configured with the same setup except that the NPS is configured to accept authentication attempts from a single AD user called "mydomain\guest". We decided on this approach for the guest wireless network so that we can rotate the password automatically every week with a vbscript that manipulates the password via LDAP. Users with laptops in different domains are unable to connect to the guest wireless network and I'm starting to think the machine authentication is a problem. 
    Any suggestions would be greatly appreciated.
    Thanks,
    Ali.

    Hi Ali,
    That’s all part of the wonderful world of wireless on Windows.
    When a connection to a WLAN is made on a Windows machine by selecting it from the available Wireless Networks list (passive RF scan), and Windows has parsed the 802.11 AP beacon to contain the WPA2, 802.1X element, by default it will attempt to connect with known or active session credentials.
    Typically it will be Machine account (they all have them whether on a Domain or not) and then /Or User. This order and preference may change depending on version of Windows (Vista to Windows 8) and service pack level.
    Regardless, the only thing you can count on for sure is that the first authentication attempt from a Windows client will not involve the user entering information. Once the first attempt fails, the Windows supplicant will prompt the user for login information via a notification in the system tray, which may or may not be noticed by the user. It may or may not stay for more than 5 seconds.
    Windows XP and Vista were the worst for this. Windows 7 and Windows 8 this process and recovery and user prompt mechanism is greatly improved but not infallible.
    The only way to avoid this would be to manually configure the WLAN profile on the windows machine as you are currently doing.
    Mobile phones and tablets don’t have this issue because of the software coding in their supplicants. Besides, the only “system” credentials on an iOS or Android phone are typically your Play Store and App Store accounts, and both vendors know those won’t be accepted for network access by default anywhere.
    There isn’t an easy way to support non-domain windows systems on a domain integrated one.
    You might want to try adding another SSID.
    You could have a corporate SSID, Guest Portal and a third that is PSK + Guest Portal. On NPS you could filter for the RADIUS attribute called-station-id (includes SSID) to allow all domain IDs access instead of just that WLAN.
    Or you could look at swapping out NPS for a Cisco ISE VM/appliance with the new Plus licenses at lower cost for onboarding devices; Windows XP and up are supported for supplicant configuration via ISE.

  • How to have Infopath form use Sharepoint Domain credentials

    I have built a form in InfoPath which is published to a library on SharePoint 2013. This form is filled out by certain users and when it's completed it gets moved into a subfolder. We then provide a link to a client who has a domain account with restricted access to just this folder of SharePoint. They can view this form and any others we put in this folder.
    The form has 2 views. The first is the view our staff sees when filling it out. There are some hidden sections in there for us that the client does not need to see. So there is a second view which is read only and I have taken away the option for them to switch views so they can't go back to our internal view.
    What I would like to happen is that the form can somehow detect, by the domain login info from SharePoint, what user is opening the form and switch views based on that. What I can't figure out how to do is to have the form pull domain credentials from the SharePoint site and use those as a variable when opening the form to set the view.
    I believe I am on the right path with trying to set up a data connection but I am just missing something. I found this great guide http://www.pointgowin.com/seethepoint/Lists/Posts/Post.aspx?ID=55 but now when I open the form I get a warning stating "You do not have permissions to access a SharePoint list that contains data required for this form to function correctly." Also I still can't seem to pull the username.
    Can someone help me out? Point me in the right direction? Thanks.

    Hi,
    According to your post, my understanding is that you wanted to have Infopath form use Sharepoint Domain credentials.
    When you use Claims-based authentication, your user name is prefaced by “0#.w|”. So for example, if your user name is SuesDomain\jdoe then your Claims-based user token will be, without the quotes: “0#.w|SuesDomain\jdoe”
    InfoPath can’t handle that, or more specifically, the UserProfile.asmx method GetUserProfileByName method can’t handle that. InfoPath tries to pass in your Claims-based user token instead of your domain\User Name.
    You have an authentication problem where the currently logged in user is not allowed to hit the web service, so you get an Access Denied 401 authentication error.
    To resolve the issue, you can refer to the great blog:
    SharePoint 2013, InfoPath and Claims – GetUserProfileByName
    More information:
    InfoPath over Claims Authentication (SharePoint 2010 & 2013)
    SharePoint 2013 Business Connectivity Services Search and Profile PageMetroStar Systems Blog
    Thanks,
    Linda Li

  • SCCM 2012 MDT 2012 UDI Require domain credentials to run task sequence

    We are in the process of moving to SCCM 2012 integrated with MDT 2012 for OSD from using MDT 2012 by itself. We're trying out UDI task sequences and have noticed a pretty gaping hole in functionality vs MDT 2012 by itself: password protecting a task sequence.
    In MDT 2012 there was a built-in feature that required domain credentials to run a task sequence. If one exists using SCCM/MDT 2012, I haven't been able to find it. I've only found stuff like this http://www.windows-noob.com/forums/index.php?/topic/2336-password-protect-a-task-sequence/ which would allow you to set a password, but not authenticate against AD. So, I'm wondering if there are any options for protecting a task sequence with domain authentication?
    My understanding is that the Refresh and Replace StageGroup only run when you kick off a UDI task sequence in Windows. That means I have to make a task sequence available to the Configuration Manager Client in order for a tech to run a Refresh/Replace. And that in turn means that the UDI task sequence will be visible to all users since it needs to be available to their computer. Or am I completely missing how UDI OSD should flow? If so, then I hope someone can correct me.
    I'd appreciate any help or advice you can give. Thanks. 

    Hi,
    I am sorry to say that you are correct in your conclusions. There is no builtin way in ConfigMgr/MDT/UDI to require a domain username/password to run a task sequence, your option from Windows-noob.com is one way of solving it.
    Regards,
    jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Thanks for the info. What about workflow? How do you usually handle UDI in Replace and Refresh scenarios? Do you deploy the task sequence to collections that users can access?

  • Access to ACS 4.2 with Domain Credentials

    Hello,
    We have ACS 4.2 for Windows on an enterprise network. User authentication to network devices is passing through the ACS via TACACS+ with domain credentials.
    Please, I need to know if it is possible to also have access to the ACS GUI with domain (Windows) credentials. If possible, send documentation.
    Awaiting your response.
    Regards,
    Ethelbert

    I think you mean that radius is working through ACS for domain users.  TACACS is used for device access.  Here is a link to guide you through the setup.
    Scott
    **Please rate helpful post**

  • Remote Desktop using Domain Credentials

    I have two Domain Controllers (Windows Server 2k8 R2 with IIS and DNS role). Forest and Domain functional level is Windows Server 2008. They are in separate locations joined by a VPN. I also have Dev servers (also Win 2k8 R2 with IIS role).
    I want to log into the Dev servers using my domain credentials. Can anyone tell me what I need to check or configure in order to achieve this?
    Note:
    - I do not have DHCP (yet), -> please confirm if this is an issue.
    - I can RDP to the Dev servers using their respective local users.
    - but network users (which are members of Domain Admin and Remote Desktop Users) cannot RDP.
    - do I need to have Remote Desktop Services (Terminal Services)? -> if so, i need to raise my functional level, right?
    - I am accessing them from Windows 7 (which is not a member of the domain)

    Hi,
    Thanks in advance. I can connect to my dev server (using domain credentials) when I am accessing it from my Domain Controller but when I am using my Windows 7 client, it produces these errors:
    *I usually get this error
    Remote Desktop can't connect to the remote computer for one of these reasons:
    1) Remote access to the server is not enabled
    2) The remote computer is turned off
    3) The Remote computer is not available on the network
    Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
    ---- OR ----
    *Least frequent error
    Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied.
    ---- OR ----
    *I get this whenever I entered the IP Address instead of the name (dev1):
    Your credentials did not work
    The credentials that were used to connect to 10.0.0.20 did not work. Please enter new credentials.
    The logon attempt failed
    2. There was no Security log when I got that error, but, a while ago, I was able to produce this security log:
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          4/13/2012 9:52:47 PM
    Event ID:      4625
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      dev1.domain.com
    Description:
    An account failed to log on.
    Subject:
        Security ID: NULL SID
        Account Name:
        Account Domain:
        Logon ID: 0x0
    Logon Type: 3
    Account For Which Logon Failed:
        Security ID: NULL SID
        Account Name: admindomain
        Account Domain: DOMAIN
    Failure Information:
        Failure Reason: Domain sid inconsistent.
        Status: 0xc000006d
        Sub Status: 0xc000019b
    Process Information:
        Caller Process ID: 0x0
        Caller Process Name:
    Network Information:
        Workstation Name: DC-00
        Source Network Address:
        Source Port:
    Detailed Authentication Information:
        Logon Process: NtLmSsp
        Authentication Package: NTLM
        Transited Services:
        Package Name (NTLM only):
        Key Length: 0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>4625</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12544</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2012-04-14T02:52:47.862465000Z" />
        <EventRecordID>139204</EventRecordID>
        <Correlation />
        <Execution ProcessID="808" ThreadID="4648" />
        <Channel>Security</Channel>
        <Computer>dev1.domain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-0-0</Data>
        <Data Name="SubjectUserName">-</Data>
        <Data Name="SubjectDomainName">-</Data>
        <Data Name="SubjectLogonId">0x0</Data>
        <Data Name="TargetUserSid">S-1-0-0</Data>
        <Data Name="TargetUserName">admindomain</Data>
        <Data Name="TargetDomainName">DOMAIN</Data>
        <Data Name="Status">0xc000006d</Data>
        <Data Name="FailureReason">%%2314</Data>
        <Data Name="SubStatus">0xc000019b</Data>
        <Data Name="LogonType">3</Data>
        <Data Name="LogonProcessName">NtLmSsp </Data>
        <Data Name="AuthenticationPackageName">NTLM</Data>
        <Data Name="WorkstationName">DC-00</Data>
        <Data Name="TransmittedServices">-</Data>
        <Data Name="LmPackageName">-</Data>
        <Data Name="KeyLength">0</Data>
        <Data Name="ProcessId">0x0</Data>
        <Data Name="ProcessName">-</Data>
        <Data Name="IpAddress">-</Data>
        <Data Name="IpPort">-</Data>
      </EventData>
    </Event>
    3. No Application Errors
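
The 4625 event quoted in the post above carries its diagnosis in the `Status` and `SubStatus` fields. As an added example that is not part of the original post, the sketch below parses that event XML, decodes the two NTSTATUS codes and the logon type, and sorts the failure into a triage bucket so a trust or SID problem is not mistaken for a bad password. The embedded event is abridged from the one in the post; the bucket names and function names are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# NTSTATUS values commonly seen in 4625 Status/SubStatus: (name, triage bucket).
# The bucket labels are this example's own grouping, not Windows terminology.
NTSTATUS = {
    0xC0000064: ("STATUS_NO_SUCH_USER", "credential"),
    0xC000006A: ("STATUS_WRONG_PASSWORD", "credential"),
    0xC000006D: ("STATUS_LOGON_FAILURE", "generic"),
    0xC000006F: ("STATUS_INVALID_LOGON_HOURS", "policy"),
    0xC0000070: ("STATUS_INVALID_WORKSTATION", "policy"),
    0xC0000071: ("STATUS_PASSWORD_EXPIRED", "account-state"),
    0xC0000072: ("STATUS_ACCOUNT_DISABLED", "account-state"),
    0xC0000133: ("STATUS_TIME_DIFFERENCE_AT_DC", "infrastructure"),
    0xC0000193: ("STATUS_ACCOUNT_EXPIRED", "account-state"),
    0xC000019B: ("STATUS_DOMAIN_TRUST_INCONSISTENT", "infrastructure"),
    0xC0000224: ("STATUS_PASSWORD_MUST_CHANGE", "account-state"),
    0xC0000234: ("STATUS_ACCOUNT_LOCKED_OUT", "account-state"),
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

# Abridged copy of the event quoted in the post (same field values).
SAMPLE_EVENT = """
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4625</EventID>
    <TimeCreated SystemTime="2012-04-14T02:52:47.862465000Z" />
    <Computer>dev1.domain.com</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">admindomain</Data>
    <Data Name="TargetDomainName">DOMAIN</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc000019b</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">DC-00</Data>
    <Data Name="IpAddress">-</Data>
  </EventData>
</Event>
"""


def decode_status(text):
    """Map a hex NTSTATUS string to (name, bucket); unknown codes stay as hex."""
    value = int(text, 16)
    return NTSTATUS.get(value, (f"0x{value:08X}", "unknown"))


def summarize_4625(xml_text):
    """Return a flat, decoded summary of one failed-logon (4625) event."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        raise ValueError("not a 4625 event")

    # "-" is how the event marks an empty field; normalise it to None.
    data = {}
    for item in root.iterfind("e:EventData/e:Data", NS):
        value = (item.text or "").strip()
        data[item.get("Name")] = None if value in ("", "-") else value

    status, status_bucket = decode_status(data["Status"])
    sub_status, sub_bucket = decode_status(data["SubStatus"])
    logon_type = int(data["LogonType"])
    return {
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        "computer": root.findtext("e:System/e:Computer", namespaces=NS),
        "account": f'{data["TargetDomainName"]}\\{data["TargetUserName"]}',
        "logon_type": LOGON_TYPES.get(logon_type, str(logon_type)),
        "logon_process": data.get("LogonProcessName"),
        "auth_package": data.get("AuthenticationPackageName"),
        "workstation": data.get("WorkstationName"),
        "source_ip": data.get("IpAddress"),
        "status": status,
        "sub_status": sub_status,
        # SubStatus is the specific reason; fall back to Status if it adds nothing.
        "bucket": sub_bucket if sub_bucket not in ("generic", "unknown") else status_bucket,
    }


if __name__ == "__main__":
    for key, value in summarize_4625(SAMPLE_EVENT).items():
        print(f"{key:14} {value}")
```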

  • SMB printing still busted

    I've seen many threads where there are some fixes, such as for hijack. However, I still haven't seen anything that repairs the SMB print function. Do I really need to perform a re-install from the CD and manually update the machine without the sec. update to print again? Right now I have to VM to Windows and print from there.

    Yeah I have tried all of the posted suggestions in that thread as well as many others. Nothing works. I have left feedback for Apple and hopefully along with all the other posted feedback, they'll actually fix the problem. In the meantime, if anyone has a cure or fix that I have not mentioned, please feel free to post.
    Thanks!

  • Require cert and domain credentials to authenticate?

    Is there a way to require a machine certificate AND domain credentials to authenticate to a wireless network (Cisco LWAPP, ACS, AD)? 
    My objectives are:
    Permit access from corporate hardware ONLY, i.e., prevent users from logging from a personal laptop or PDA using their domain credentials.
    Validate that an employee is logging on to the network. 
    My current PEAP implementation only satisfies the second condition and from everything I have read EAP-TLS will only satisfy the first.  Is there a solution?
    thanks

    PEAP or EAP-TLS with machine auth will do  the first one then the user can log in as normal with their user credentials.

  • How to pass server/domain credentials when accessing SSRS report through SSRS Web service programmatically?

    I am trying to render an SSRS report located on my remote report server in my ASP.NET MVC 4 app through the Reporting Services web service programmatically.
    How can I send the server (Windows/domain) credentials at runtime?
    Tried below but no success.
    // Web service proxy for the report server
    ReportingService2010 service = new ReportingService2010();
    // Explicit credentials supplied at runtime
    service.Credentials = new System.Net.NetworkCredential("username", "password");
    service.Url = "http://MyReportServer/ReportServer/";

    Why are you using Windows domain credentials?
    Simply "rs.Credentials = System.Net.CredentialCache.DefaultCredentials" should work.
    http://technet.microsoft.com/en-us/library/ms170088(v=sql.110).aspx
    Regards, RSingh

  • SMB/CIFS authentication window constantly pops up

    I have an Airport extreme.
    I connect my PowerBook via AirPort and my Power Mac via Ethernet.
    I've a hard disk connected to the AirPort.
    Yesterday on my PowerBook the SMB/CIFS authentication window constantly pops up.
    I have never set up any workgroup, so if I click on cancel another window will appear in a few seconds,
    the same is if I insert any password I have ever used in my life.
    HELP ME!!

    reformat the disk as HFS+ and access it using AFP.

  • Set default Sign-in option to Domain credentials

    Hi there, our Windows 8.1 enterprise domain joined clients are set to logon using Email address by default instead of domain credentials. Anyone knows how to change this?
    any help would be appreciated!

    Hi,
    Try to deploy this policy:
    Local Computer Policy | Computer Config | Administrative | System | Logon | “Assign default domain for logon”.
    Kate Li
    TechNet Community Support

  • Mac OS X Server asks for SMB/CIFS Authentication

    I don't know if this is a Tiger or Leopard problem. When I try to connect to my server (2*2Ghz G5 10.5.latest) from my laptop (800 Mhz iBook 10.4.11) sometimes I get a SMB/CIFS Authentication login window. I should get an AFS login window.
    When I reboot the laptop it gives me the AFS login.
    Any Clues?
    Thanks, Jim.

    Hi Jim,
    I'd try this on the Laptop...
    Finder>Go menu>Connect to Servers..., then type in like...
    afp://ip.of.the.server
    Once the globe mounts on the Desktop, drag it to the right side of the Dock for a quick Dynamic Mount when needed.

  • Logging on to Win 8.1 workstation with domain credentials

    Hi All.
    I've been on Windows 8 Pro (now 8.1 Update 1) for over a year now. Until now, I've always logged on to my workstation with my MS account. I recently decided to join my workstation to a domain where the primary DC is running Server 2008 R2. I joined the domain without a hitch, but when I try to log on to the workstation using domain credentials, the logon screen seems to insist on an MS account. It wants the user name to be in email form only. When I tried to use my domain credentials in that format ([email protected]) it told me that the password is wrong and I should make sure to use my MS account password.
    I tried disconnecting my MS account from my local account, but it didn't help.
    Any ideas?

    I'm not sure if what you are doing is supported, to have a local MS sign-in account as well as a corporate domain account residing side by side, you might have to give up your MS sign-in and use a local ID for the domain logon to work
    you may however consider setting this up using the Workplace Join feature in 8.1 which should work much better
    http://blogs.technet.com/b/keithmayer/archive/2013/11/08/why-r2-step-by-step-solve-byod-challenges-with-workplace-join.aspx
