Re: Multi-Forest Login

From: "Kevin Antel" <kevina@xxxxxxxxxxx>
Date: Mon, 22 Aug 2005 12:15:31 -0400

Yes, here is the scenerio:

Internet
|
Firewall
|
DMZ - ForestDomain1.com
|
Firewall
|
Internal Network - ForestDomain2.com

I want the users of ForestDomain2.com to be able to sign on, and I can
assign permissions in ForestDomain1.com servers, so ForestDomain2.com users
can have access. These are 2 separate forests, not both members of the same
forest.

I assumed that I would have to setup an external trust on ForestDomain1.com
and open ports to the internal network. Is that correct? What ports do I
need to open?

"Dmitry Korolyov [MVP]" <d__k@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OuBHB52nFHA.2860@xxxxxxxxxxxxxxxxxxxxxxx
> 1) What is a Forest Domain? Are you talking about different domains in the
> same forest or about different domains in separate forests?
> 2) You cannot login to several domains. Since you authenticate in one
> domain during logon. If you need to use single sing-on to access resources
> in different domains, you should establish trust relationship between
> these domains.
>
> --
> Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
> MVP: Windows Server - Directory Services
>
>
> "Kevin Antel" <kevina@xxxxxxxxxxx> wrote in message
> news:eMwEg%231nFHA.1480@xxxxxxxxxxxxxxxxxxxxxxx
>>I have a situation where I have users in an internal forest domain,
>>needing access to resources in my DMZ, which is in another Forest Domain.
>>It's a pain to have two logins for each resource they access, so, is there
>>a way to either have the internal domain account have access to the
>>external domain account (of which, there are no incoming ports open on the
>>firewall) or, at boot, have them login to both domains, to so that
>>options, like in SQL Server, where you can specifiy, use my windows login
>>acount, is usable, from their external login?
>>
>> Thanks.
>>
>
>

.

Follow-Ups:
- Re: Multi-Forest Login
  - From: Dmitry Korolyov [MVP]

References:
- Multi-Forest Login
  - From: Kevin Antel
- Re: Multi-Forest Login
  - From: Dmitry Korolyov [MVP]

Prev by Date: Secure LDAP
Next by Date: Access Denied message after establishing a Forest Trust in Win2K3
Previous by thread: Re: Multi-Forest Login
Next by thread: Re: Multi-Forest Login
Index(es):
- Date
- Thread

Relevant Pages

Re: pop up ads
... still vulnerable to anonymous login ID enumeration from the internet. ... and/or use IPSec or TCP/IP Filtering or personal firewall software or a 3com ...
(microsoft.public.win2000.security)
Re: Apparent NetBIOS Attack - How Dangerous?
... Are you using a firewall such as a personal firewall or a hardware device - ... that some individual (from the Internet) is attempting to log ... the individual basically uses every account available in our ... > then the user attempts to login with one or more of these accounts. ...
(microsoft.public.win2000.security)
Re: too many login attempts from Internet
... fix your firewall, its either not working or is configured improperly. ... > found out that I'm getting a continuous stream of failed login attempts ... Without disconnecting the server ... > from the Internet, is there any way I could stop this? ...
(microsoft.public.win2000.security)
Auto complete problems
... Internet Explorer does not remember login id's or ... passwords. ... the firewall does not automatically ... allow systems to access the internet even though I check ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: avast
... > Just did a clean installation of xp pro sp1 and download 'avast anti ... Did you firewall before connecting to the internet? ... Internet and patch with the critical updates? ... Why you should use a computer firewall.. ...
(microsoft.public.windowsxp.general)