Authenticating against a domain cifs share from a non domain server in IIS7.5 2008

Posted by admin on July 8th, 2010 | 0 comments

Its generally good practice security wise if possible to keep public facing web servers either out of your AD domain, or have them in their own domain.

For me I encountered a problem where I have a non domain server running an .NET application which needed to write files to a cifs share which was using domain authentication.

This was a problem initially as the default application pool runs as a local builtin account and therefore has no permissions on the remote cifs share, however, I decided that I would be happy enough creating a user which mirrored a domain user by name and password, and hope that pass through authentication would work.

It didnt :-(

So after lots of digging and gnashing of teeth, a colleague of mine found the perfect solution.

In windows 2008 there is a command called cmdkey which allows you to use a local account to cache domain user account credentials for a specific target domain / server.

So in my instance running a dos prompt as my new user, I did a cmdkey /add:cifsserver /user:domainname\username pass:domainuserpass

And bingo everything now works a treat!

You can follow any responses to this entry through the RSS 2.0 feed.

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comment Spam Protection by WP-SpamFree