What are your settings for Microsoft Network Server on the servers in question? Since you've got digitally sign communications always (enabled) on the client, if the digitally sign communications setting doesn't match on the server, it may not work properly. You also need to enable digitally sign communications (if server agrees) on both machines. This setting is needed for the (always) policy. The (if server agrees) part controls whether or not SMB has signing enabled; the (always) part controls whether it's required or negotiated. This guide will help explain some of the settings a bit better... http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/S erverHelp/f28512dc-f364-4125-a97a-75c80e98a20c.mspx
HTH... ********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Schmieder, Marc > Sent: Thursday, June 30, 2005 5:04 AM > To: [email protected] > Subject: [ActiveDir] OT - Drive mapping error > > Does anyone know why a group of machines in the same OU would > get the "The account is not authorized to login from this > station" message when attempting to map a drive to servers in > another domain. The workstations were set to use use NTLMv2 > for LAN Manager Authentication Level and refuse LM and NTLM. > I have since changed them to use: Send LM & NTLM - use NTLMv2 > session security if negotiated, but it has not seemed to > help. Any ideas? > > > > Win2k Pro > > Win2k Server > > 2 AD domains with external trust > > > > Client Group Policy Settings: > > Microsoft Network Client : > > Digitally sign communications > (always) - Enabled > > > > Lan Manager Authentication Lever - Send LM & NTLM > - use NTLMv2 session security if negotiated > > > > > > Marc > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
