When you use “Net Use” to map drives in the login script to Microsoft shares only, it passes Username, not Domain/Username. This presents an issue to users/establishments who do not join an Active Directory domain but are members of workgroups with accounts in AD.
I noticed that on the PDC/BDC’s this was not an issue, as it would check the username against AD. However, member servers would check locally then stop.
In the login script where you would have
#net use u: \\server\share
you need to change it to:
#net use u: \\server\share /USER:Domain\%LOGIN_NAME
This prefixes your domain name to any requests for services, and the member server then checks your authentication against the domain.
I hope this helps others, as this simple fix took me a while to muster!
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.