I have created a standalone DFS on Domain A. Internal to the domain everything appears to work properly. Accessing the DFS Share from a Domain B computer also appears to work properly. We just finished getting a oneway trust with domain B so we can use their User accounts in Domain A.
The problem occurs when attempting to access the DFS Share from a workstation that is not a member of either domain. (Very common as Domain A is a specific Development environment with only resource servers, and Domain B is the corporate Domain but the domain policy's break a lot of development apps so most developers do not use workstations joined to the domain.) Pointing explorer to the DFS \\dfsserver.domainA.com\dfsroot asks for authentication and works properly. You can see the folders for the referrals in Explorer. Now here is where is breaks, If you click on one of the referral folders you will get an error message stating that the path is not accessible, unknown user or bad password.
I ran wireshark to capture the network traffic and it is noted that clicking on the referral sends the local log on credentials for the workstation (ie mypc\user) rather than the credential just provided to access the DFS Root.
If the DFS root is mapped using different Domain A or Domain B credentials everything apears to work properly and clicking on a folder gets a proper referral.
This behavior persists across XP, Vista, Win7, Server 2003, Server 2008.
I am told by management that requiring a user to map the DFS root is unacceptable and that the referral needs to ask for credentials.
I have tried using the workstations credential manager but it does not appear to function with a DFS referral.
Any help or pointers will be much appreciated.
On a side note Macintosh machines do not have this problem, for them once you authenticate to the DFS root everything just works.
Thanks or your assistance.
Duane