Re: pls Help!! After Trust, cannot access from local to foreign do



Hi

Ok back to the first:

Do you have any firewall between the domains?
Service overview and network port requirements for the Windows Server system

http://support.microsoft.com/default.aspx?scid=kb;en-us;832017





Did you change anything security related in any of the domains?



I did some research and I found something related to the error:

error 1326
ERROR_LOGON_FAILURE
Logon failure: unknown user name or bad password.

See if it helps:
Client, service, and program incompatibilities that may occur when you
modify security settings and user rights assignments
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator





"chua" <chua@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DA2A4122-5A53-49B8-A354-1A7D65E723FA@xxxxxxxxxxxxxxxx


- Make sure that each DNS server only points to itself under NIC DNS
properties.

- Make sure that each DNS server can resolve both domains (Create
Conditional Forwarding, Stub Zones or Secondary Zones).

ANS: Yes, I did a secondary for both.

nslookup domain1.com
nslookup domain2.com

ANS: Yes, I can ping or nslookup for the domain.


- Make sure that each client only uses the local DNS server under the NIC
properties.

ANS: Yes, local clients use local DNS.

- If you use NetBIOS names and you're in different subnets over WAN, set up
at least one WINS server in each domain, and point the servers and clients
to their respective local WINS server.

ANS: No. All same subnets.


But the problem is like a security issue, where after the trust, it seems
like it is forced to use Kerberos authentication when accessing the other
forest. If the users do not have permission, they will just get 'access
denied'. Without the trust, accessing the resources will get the
authentication prompt box (should be NTLM).
So how can I achieve this with trusts: users at the local domain can access
remote domain resources?

Your advice is appreciated.
steve


--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator





"chua" <chua@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0D9B3758-791A-4803-AF09-DCE5C6E9CCAA@xxxxxxxxxxxxxxxx
Hi,

2 DCs at each domain. All DCs are DNS servers. The DCs are pointing to 1
DNS server, likewise on the other domain. The DCs do not point to any of
the other domain's DNS. I'm not at the remote site so I'm not able to
produce the dcdiag. I have run and gone through the dcdiag. No DNS errors
were found in the log. Do you think it is some DNS issue?

steve



"Jorge Silva" wrote:

Hi

Can you tell us how your dns configuration is set up on both domains?
Are the clients DNS properties pointing to their local server in their
domain?
Can you post here the results for ipconfig /all for both servers?
If you run dcdiag /v /c /e are you getting any errors?



--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator





"chua" <chua@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:06FD0E65-811C-49E7-BA73-96765B8CB5F6@xxxxxxxxxxxxxxxx
Hi Paul,
Thanks for replying.
Actually I am doing a migration for a customer. Their existing environment
structure is weird. They have 2 domains where both domains have users.
The fileserver is at the source domain. Target domain users log in to the
local domain and use the UNC method to access the fileserver in the remote
domain. When prompted for authentication, they will use the source domain
credentials to log in.

1) At the fileserver shared folder, I have added the target domain users in
the NTFS permissions, but once they click the share, they will get Access
Denied.
I can't possibly redo the security permissions on the fileserver as they
have 400 users. It will be a pain to re-assign.

2) I have tried both methods, Forest-wide and Selective Authentication.
Which is the better approach? Security is not an issue as both domains'
users from cross-forest should access one another's resources.

3) Once I remove the trust, the users will get the prompt for
authentication box again, which is what I want to retain after the trust.

steve


"Paul Williams [MVP]" wrote:

But after trust, users at target domain cannot access
resources (fileserver) at source domain anymore, which they used to be
able to.

They're now probably getting access denied. You need to grant permissions
to a group to allow access. In the past, I assume the users were providing
credentials for the local domain when prompted when accessing from the
remote domain?


Any workaround for this? Where I can establish trust and users at target
domain are still able to use UNC path to access resources at source domain?

You need to define access by setting permissions on the objects in
question - shared folders and NTFS permissions in your example.


Error after trust: "the machine you are logging onto is protected by an
authentication firewall."

What options did you choose when you defined the trust? Have you perhaps
enabled selective authentication? Check the trust properties.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
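
The checks discussed in this thread (name resolution for both domains, and whether the trust is set to forest-wide or selective authentication), as an added PowerShell example that is not part of the original posts. It assumes the ActiveDirectory RSAT module is installed, reuses the thread's placeholder names domain1.com and domain2.com, and only reads configuration.

```powershell
# Added example: read-only diagnostics for a two-domain trust.
# Assumptions: run on a DC or RSAT host; domain names are the thread's placeholders.
Import-Module ActiveDirectory

$domains = 'domain1.com', 'domain2.com'

# 1. Each side must be able to locate the other side's domain controllers.
#    A plain "nslookup domain" can succeed while the DC locator SRV records are missing.
foreach ($d in $domains) {
    $srv = "_ldap._tcp.dc._msdcs.$d"
    try {
        Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { '{0}: DC {1} port {2}' -f $d, $_.NameTarget, $_.Port }
    } catch {
        Write-Warning "$d : cannot resolve $srv ($($_.Exception.Message))"
    }
}

# 2. Report how each trust is scoped. With selective authentication, users from
#    the trusted side also need "Allowed to Authenticate" on the resource server's
#    computer object, in addition to share and NTFS permissions.
Get-ADTrust -Filter * | ForEach-Object {
    if ($_.SelectiveAuthentication) {
        $scope = 'Selective authentication'
    } elseif ($_.ForestTransitive) {
        $scope = 'Forest-wide authentication'
    } else {
        $scope = 'Domain-wide authentication'
    }
    [pscustomobject]@{
        Trust                   = $_.Name
        Direction               = $_.Direction
        ForestTransitive        = $_.ForestTransitive
        Scope                   = $scope
        SIDFilteringQuarantined = $_.SIDFilteringQuarantined
    }
} | Format-Table -AutoSize

# 3. Verify the secure channel to the trusted domain (run on a domain controller).
nltest /sc_verify:domain2.com
```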










