Authenticating against a domain CIFS share from a non-domain server in IIS 7.5 (Windows 2008)

It's generally good practice, security-wise, to keep public-facing web servers either out of your AD domain or in their own domain, if possible.

I encountered a problem where I had a non-domain server running a .NET application which needed to write files to a CIFS share which was using domain authentication.

This was a problem initially, as the default application pool runs as a local built-in account and therefore has no permissions on the remote CIFS share. However, I decided that I would be happy enough creating a user which mirrored a domain user by name and password, and hoping that pass-through authentication would work.

It didn't 🙁

So after lots of digging and gnashing of teeth, a colleague of mine found the perfect solution.

In Windows 2008 there is a command called cmdkey which allows you to use a local account to cache domain user account credentials for a specific target domain / server.

So in my instance, running a DOS prompt as my new user, I did:

    cmdkey /add:cifsserver /user:domainname\username /pass:domainuserpass

And bingo, everything now works a treat!
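The same procedure as a PowerShell sketch, with a check that the stored credential is actually used for a write to the share. This is an added example, not part of the original post; the share name `share` is a hypothetical placeholder, and `cifsserver` and `domainname\username` are the placeholder names used above.

```powershell
# Run in a PowerShell console started as the local account the application
# pool uses, e.g.:  runas /user:<localuser> powershell
# cmdkey stores the entry for the account that runs it, so an entry added
# under a different login is not available to the application pool.

$Target     = 'cifsserver'            # server name as used in the UNC path (from the post)
$DomainUser = 'domainname\username'   # domain account with rights on the share (from the post)
$SharePath  = "\\$Target\share"       # hypothetical share name; replace with the real one

Write-Host "Running as: $(whoami)"

# /pass with no value makes cmdkey prompt for the password, which keeps it
# off the command line and out of shell history.
cmdkey "/add:$Target" "/user:$DomainUser" /pass
if ($LASTEXITCODE -ne 0) { throw "cmdkey /add failed with exit code $LASTEXITCODE" }

# Confirm the entry exists for this target.
cmdkey "/list:$Target"

# Prove the cached credential works: write and then remove a marker file.
$probe = Join-Path $SharePath ("cmdkey-probe-{0}.txt" -f [guid]::NewGuid())
try {
    Set-Content -Path $probe -Value 'write test' -ErrorAction Stop
    Write-Host "Write to $SharePath succeeded"
}
finally {
    if (Test-Path $probe) { Remove-Item $probe }
}

# The stored copy goes stale when the domain password changes; re-run the
# /add step after a rotation, or withdraw the entry with:
#   cmdkey /delete:cifsserver
```

Giving the domain account write access only to the folder the application needs limits what the cached credential can reach if the web server is compromised.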

