Authentication in a multi-domain forest
- From: Steve Athanas <Please_just_reply_to@xxxxxxxxx>
- Date: Tue, 16 Aug 2005 09:15:57 -0400
Hey, everyone:
I'm looking for a bit of information about how clients in one domain can authenticate to resources in another domain (provided that both are in the same forest, with all default transitive trusts in place and no shortcut trusts.)
Suppose a forest has three domains: a parent named company.com, and two child domains named sales.company.com, and research.company.com. What we have noticed in our environment, similar to the one above, is that if a sales user logs on to a computer in the research domain, and attempts to access a resource in the company domain, there are requests for Kerberos and LDAP that go to the root, company.com DCs.
Does anyone know why this would be? I thought that the user would authenticate to their DC, and that credentials would be passed from DC to DC. If there is a white paper on intra-forest authentication, I would love to read it, I searched the KB articles, but couldn't find one.
Thanks for any information!
-Steve Athanas .
- Follow-Ups:
- RE: Authentication in a multi-domain forest
- From: JSilva
- RE: Authentication in a multi-domain forest
- Prev by Date: Re: Authentication accross child domains
- Next by Date: Re: legacy domains removed with metadata cleanup tool
- Previous by thread: Re: DC Temporarily Off-line, Remaining DC Struggling
- Next by thread: RE: Authentication in a multi-domain forest
- Index(es):
Relevant Pages
|
Loading
