Re: Cannot assign Mac permissions in trusting domain

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Byron Kendrick (bkendrick_at_austincollege.edu)
Date: 09/28/04 

Date: Tue, 28 Sep 2004 15:15:00 -0500

OK here it is. Some how the trust have been broken. When you go to the
domain controllers it looks to be right but according to MS KB article
271924 the trust have been broken. Well I don't knwo what to do since they
look right in the User Manager on the NT4.0 BDC's and on in the Domains and
Trust app on the AD PDCE's. Would it be a good thing to try to break the
trust and re-assign it?

Byron

"Byron Kendrick" <bkendrick@austincollege.edu> wrote in message
news:%23rjLutYpEHA.4008@TK2MSFTNGP14.phx.gbl...
> WINS settings look OK.
>
> This really looks like an Appletalk issue. When you view the permission
> from the PC side everything is correct.
> Thursday morning there were some MS patches run. KB873374, KB867801, and
> KB833989, but I cannot find anything in MS Knowledge base that indicates
> they might be detrimental to Appletalk users. Boy will I be glad to see
> Appletalk go away, although it may be gone. There are just too many Macs
> out there taht we cannot upgrade just yet.
>
> Byron
>
> "Byron Kendrick" <bkendrick@austincollege.edu> wrote in message
> news:uR$olvQpEHA.2032@TK2MSFTNGP10.phx.gbl...
>>
>> "William Smith" <mecklists@REMOVETHIS.mn.rr.com> wrote in message
>> news:mecklists-5B34F6.21082627092004@msnews.microsoft.com...
>>> In article <#inUSLJpEHA.2588@TK2MSFTNGP12.phx.gbl>,
>>> "Byron Kendrick" <bkendrick@austincollege.edu> wrote:
>>>
>>>> > First WINS should have nothing to do with your permissions but since
>>>> > you
>>>> > mention WINS I'm guessing you're using a Mac OS X 10.2 or later
>>>> > system.
>>>> ----deleted----
>>>> Yes it worked for years without a hitch.
>>>
>>>
>>> Interesting situation. What changes were made to WINS?
>>
>> Just briefly there are 2 WINS servers on the network. One in each
>> domain. For some reason the person who set them up tried to make the
>> domain1 (trusted domain) server the primary for both domains. Even the
>> server in domain2 (trusting domain) was set to use the domain1 WINS
>> server as a primary instead of itself. All the servers in both domains
>> as well as all the DHCP scope were set that way. The changed that took
>> place were to set up the domain2 servers and scopes (VLANS) for the
>> dorms, computer labs and such to point to the WINS server in their login
>> domain, domain2. I can't give a lot of detail as I was not involved.in
>> the setup or the changes that were made on the WINS servers. The changes
>> that were made cleared up some authentication problems that we were
>> having in Domain2 but that was mostly adding domain2 PC to the domain.
>>
>> I have found out today that it appears to be isolated to the older OS's.
>> OS 10.3 systems seem to be OK. I'll check out the static entries on the
>> WINS servers tomorrow and get back.
>>
>> Byron
>>>
>>> This could be a variety of things but I would start by looking at static
>>> WINS entries for your servers.
>>>
>>> Also, were any WINS entries deleted without being tombstoned? Something
>>> may have come back from a replication partner that shouldn't have. If
>>> DNS is performing a WINS lookup against some stale records then one of
>>> your AD servers may be receiving some erroneous information.
>>>
>>> bill
>>> --
>>> William M. Smith
>>> (Microsoft Interop MVP)
>>
>>
>
>

Relevant Pages

  • Re: Cannot assign Mac permissions in trusting domain
    ... Some how the trust have been broken. ... Byron ... > they might be detrimental to Appletalk users. ... >> Just briefly there are 2 WINS servers on the network. ...
    (microsoft.public.macintosh.general)
  • Re: Active Directory Restructure Question
    ... If you are building a new forest you can use the Active Directory ... To start would have to establish dns connectivity both ways, ... Once established you can then go and create your external trust, ... domains for your UNIX/LINUX servers, ...
    (microsoft.public.windows.server.active_directory)
  • Re: network replacement
    ... It sounds much more convoluted once the whoel details are provided. ... I would go with a new domain and setup a trust and migrate using ADMT. ... as servers with a trust between the two. ... same logins; ...
    (microsoft.public.windows.server.active_directory)
  • Re: Active Directory Restructure Question
    ... If you are building a new forest you can use the Active Directory Migration ... To start would have to establish dns connectivity both ways, ... Once established you can then go and create your external trust, ... domains for your UNIX/LINUX servers, ...
    (microsoft.public.windows.server.active_directory)
  • Re: DNS-One Way Trust-questions....
    ... If this is not the same forest (which is implied by a one-way trust since ... NETBIOS name resolution to work. ... Unless you are on a SINGLE subnet you will need WINS servers ...
    (microsoft.public.win2000.dns)