Articles

Solved Problems connecting clients to a NAS when server down

January 27, 2013 at 06:03:51
Specs: Windows Vista Home Premium

I suppose this is a slightly unusual scenario. I am running a home network, and have an old desktop running server 2003 SP2 to try and learn about servers and networking.

The router runs DHCP, the server has DNS and AD.

I would like to have the NAS available for backup purposes, but also for file-sharing when the server is not running (as it's a home network, I do not wish the server to be running 24/7)

There are only 2 clients - one running Vista Home Premium, the other running XP Pro.

The problem I have is that if the server is running, all devices can connect to a shared file or folder, however, if I secure those shares, allowing only certain users, I can not get the clients to talk to the share (though they will without the security). It seem sto be that the clients are trying to force the use of domain logins to the NAS even if the domain is no longer present.

How can I set things up so that if the server is present, UserName includes network credentials, but does not if the server is not present?

(The NAS can use either domain replicated users, or users created on the NAS itself)

Thanks.


See More: Problems connecting clients to a NAS when server down

Report •


#1
January 27, 2013 at 07:15:42

First rule of Active Directory: The Domain Controller must always be up.

How To Ask Questions The Smart Way


Report •

#2
January 27, 2013 at 10:24:51

Thanks Razor. Is there no way round this then? The router is the DHCP, so if that is up, why can't I use local NAS user credentials rather than domain credentials as the username on the client? I.e. if I create a local user 'Richard' on the NAS, when I try to connect from the client it changes the username to ComputerName\Richard, rather than just 'Richard'. Is there any way to force it to remain as just 'Richard'? I've tried flushing the DNS but it still seems to retain the cached credentials.

Thanks,

Richard


Report •

#3
January 27, 2013 at 16:26:34
✔ Best Answer

The "ComputerName\Richard" part just means it's the "Richard" account on "ComputerName" and not on the AD. Workgroup mode doesn't typically show the "ComputerName" part of it because there's no point; there's no AD option so there's no reason to specify.

How To Ask Questions The Smart Way


Report •

Related Solutions

#4
January 28, 2013 at 04:29:36

Thanks again Razor. I've now managed to get round the issue.

Originally, the NAS was configured to be part of a workgroup, hence the client appending the ClientName as a suffix. I moved the NAS to a domain, but then could not conect when the server was not running. Leaving the NAS configured as part of a domain, and creating local users that match the client logons, means that now, the clients can connect to the NAS whether the server is running or not (I guess, since the server is not present, the clients default to local credentials)

If my requirements sound a little strange, I don't want the server running 24/7 as I need to learn a lot more before I am convinced I can keep it secure), and the NAS has a built in facility to provide web access, but the only security available when we access is enabled is user permissions on the share.

Thanks again for your help.
Richard


Report •

#5
January 28, 2013 at 05:36:24

Suggested reading: technet.microsoft.com. It's old, but the information still applies. Also, have a firewall between your network and the Internet. For the purposes of this conversation, a NAT router may suffice. The advice mostly boils down to keep other people off the DC, and keep yourself off the DC.

How To Ask Questions The Smart Way


Report •

#6
January 28, 2013 at 06:15:50

Brilliant, thanks Razor, I'll have a detailed look through the article and make and necessary config changes. There is a firewall on the router, but I am wary of relying to heavily on that (even DHCP is iffy and support is practically non-existent) but I also run the windows firewall, so hopefuly I should hopefully be OK beteeen the two. Having said that, I was using Network Monitor trying to trace something else and saw some unknown IPs passing through, one of which was from Korea, so I am pretty sure I need to tighten up security on it!

Report •


Ask Question