Re: trusts, credentials, and authentication

From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
Date: Sun, 9 Oct 2005 22:58:00 +0100

You're guessing correctly. Without the trust, NETLOGON tries to
authenticate using the credentials in the local SAM. With the trust in
place, the domain credentials are used as there's a secure channel between
the DC your workstation finds (and uses), and the one that the resource is
using.

You need to set permissions in the trusting domain. Best way would be to
add your global group to a domain local group in the trusting domain, and
assign the permissions to the domain local group.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

.

Prev by Date: Re: Wrong Logonserver users getting second site:
Next by Date: Re: AD Query
Previous by thread: Re: Wrong Logonserver users getting second site:
Next by thread: Re: AD Query
Index(es):
- Date
- Thread

Relevant Pages

Re: External trust & resources sharing
... It's not clear the direction of trust. ... > But if I am trying to search for this domain local group from SQL server ... I can not found it - only global groups are listed. ... this sounds like you're not in native mode. ...
(microsoft.public.windows.server.active_directory)
Re: Global Group or Universal Group???
... Create a trust, you could then have a domain local group and populate all ... users in the second domain to have access to a database in the first ...
(microsoft.public.windows.server.active_directory)
Re: NT4 and 2000 Trust
... user/group from when you try such if the trust is correctly configured. ... > NT4DOMAIN\APPSAdmins domain local group in the local administrator group. ... > security changes that need to be made using the 2000Domain\user account ...
(microsoft.public.win2000.security)