intranet cross forest trusts

intranet cross forest trusts

am 14.04.2008 18:58:31 von Paul

Hi,

We have two 2003 AD forests with trusts in place and we are in the process
of building a intranet. We have set the security to Windows intergrated
authentication. When a user in forest1 (the one that also has the web server)
tries to access the site it works fine. When a user in forest2 tries to acces
the web site they are challenged.

Does Windows authentication inot take into account trustes?

Re: intranet cross forest trusts

am 18.04.2008 20:42:51 von Tiago Halm

Yes it does, you may, however, need to raise the forest and domain
functional levels.
Before doing so, read the steps and, more importantly, the implications:
http://support.microsoft.com/kb/322692

A user account of forest2 will receive a referral TGT from AS
(Authentication Service) in forest2 which the TGS (Ticket Granting Service)
in forest1 will validate with the inter-forest trust key before delivering
the service ticket.

Also make sure the machine in forest2 can reach the DCs (reach the TGS) of
forest1.

Exceptional reading on Kerberos canbe found here:
http://technet2.microsoft.com/windowsserver/en/library/4a1da a3e-b45c-44ea-a0b6-fe8910f92f281033.mspx?mfr=true

Tiago Halm

"Paul" wrote in message
news:11EAAEE4-75C6-4573-BC77-1240F288AF28@microsoft.com...
> Hi,
>
> We have two 2003 AD forests with trusts in place and we are in the process
> of building a intranet. We have set the security to Windows intergrated
> authentication. When a user in forest1 (the one that also has the web
> server)
> tries to access the site it works fine. When a user in forest2 tries to
> acces
> the web site they are challenged.
>
> Does Windows authentication inot take into account trustes?