Microsoft KB Archive/150733

= FPNW Groups Not Recognized from Trusted Domain =

Article ID: 150733

Article Last Modified on 9/23/2005

-

APPLIES TO


 * Microsoft File and Print Services for Netware 3.51
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows Services for Netware 4.0

-



This article was previously published under Q150733



SYMPTOMS
NetWare clients running login scripts that contain IF MEMBER_OF statements do not work properly when run from File and Print Services for NetWare (FPNW) servers participating in a master domain model. The IF MEMBER_OF statements are always false, as if the user did not belong to any of the groups being tested.



CAUSE
FPNW uses pass-through authentication for verifying user accounts only. Group accounts are only verified locally and, therefore, must be in the local bindery of the FPNW server.

Adding the user to a group account that exists locally does not work around the problem because the user accounts belong to the master domain, not the resource domain. Therefore, there is no user-to-group relationship in the local bindery of the FPNW server in the resource domain.

The problem is also true for member servers in a single domain. Group membership is not verified from the domain account database because the user and the group accounts do not exist in the local bindery of the FPNW server.



RESOLUTION
To resolve this problem, contact Microsoft Technical Support to obtain the following fix, or wait for the next Windows NT service pack. This fix is available only for MS-DOS based clients.

This fix should have the following time stamp:

  09/10/97  04:47p               244,128 fpnw.dll    (Intel) 09/10/97 04:47p               222,656 fpnwsrv.sys (Intel) 09/10/97 04:45p               438,544 fpnw.dll    (Alpha) 09/10/97 04:44p               437,488 fpnwsrv.sys (Alpha) 09/10/97 04:43p               265,676 login.exe   (Intel or Alpha)

A fix is not available for other FPNW clients at this time. To work around the problem with Windows 95 or Windows NT clients, you must use a Windows NT logon script to test for group membership.

To test group memberships in a Windows NT logon script, you can use the Ifmember.exe utility from the Windows NT resource kit. For information on using this utility, see the Resource Kit Utilities Overview help file.



STATUS
Microsoft has confirmed this to be a problem in File and Print Services for NetWare version 4.0. A supported fix is now available, but has not been fully regression tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next service pack that contains this fix. Contact Microsoft Technical Support for more information.

Microsoft has confirmed this to be a problem in File and Printer Services for NetWare version 3.51. We are researching this problem and will post additional information here in the Microsoft Knowledge Base as it becomes available.

Keywords: kbbug kbfix kbqfe kbhotfixserver KB150733

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.