Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

/proc/kallsyms format, sqldatasource dal, wwwxxxenden, convert raid5 to raid 10 mdadm, apache force chunked, nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas

Links

XODOX
Impressum

#1: intranet cross forest trusts

Posted on 2008-04-14 18:58:31 by Paul

Hi,

We have two 2003 AD forests with trusts in place and we are in the process
of building a intranet. We have set the security to Windows intergrated
authentication. When a user in forest1 (the one that also has the web server)
tries to access the site it works fine. When a user in forest2 tries to acces
the web site they are challenged.

Does Windows authentication inot take into account trustes?

Report this message

#2: Re: intranet cross forest trusts

Posted on 2008-04-18 20:42:51 by Tiago Halm

Yes it does, you may, however, need to raise the forest and domain
functional levels.
Before doing so, read the steps and, more importantly, the implications:
http://support.microsoft.com/kb/322692

A user account of forest2 will receive a referral TGT from AS
(Authentication Service) in forest2 which the TGS (Ticket Granting Service)
in forest1 will validate with the inter-forest trust key before delivering
the service ticket.

Also make sure the machine in forest2 can reach the DCs (reach the TGS) of
forest1.

Exceptional reading on Kerberos canbe found here:
http://technet2.microsoft.com/windowsserver/en/library/4a1da a3e-b45c-44ea-a0b6-fe8910f92f281033.mspx?mfr=true

Tiago Halm

"Paul" <Paul@discussions.microsoft.com> wrote in message
news:11EAAEE4-75C6-4573-BC77-1240F288AF28@microsoft.com...
> Hi,
>
> We have two 2003 AD forests with trusts in place and we are in the process
> of building a intranet. We have set the security to Windows intergrated
> authentication. When a user in forest1 (the one that also has the web
> server)
> tries to access the site it works fine. When a user in forest2 tries to
> acces
> the web site they are challenged.
>
> Does Windows authentication inot take into account trustes?

Report this message