Hi,
We have two 2003 AD forests with trusts in place and we are in the process
of building a intranet. We have set the security to Windows intergrated
authentication. When a user in forest1 (the one that also has the web server)
tries to access the site it works fine. When a user in forest2 tries to acces
the web site they are challenged.
Does Windows authentication inot take into account trustes?
Yes it does, you may, however, need to raise the forest and domain
functional levels.
Before doing so, read the steps and, more importantly, the implications:
http://support.microsoft.com/kb/322692
A user account of forest2 will receive a referral TGT from AS
(Authentication Service) in forest2 which the TGS (Ticket Granting Service)
in forest1 will validate with the inter-forest trust key before delivering
the service ticket.
Also make sure the machine in forest2 can reach the DCs (reach the TGS) of
forest1.
Exceptional reading on Kerberos canbe found here:
http://technet2.microsoft.com/windowsserver/en/library/4a1da a3e-b45c-44ea-a0b6-fe8910f92f281033.mspx?mfr=true
Tiago Halm
"Paul"
news:11EAAEE4-75C6-4573-BC77-1240F288AF28@microsoft.com...
> Hi,
>
> We have two 2003 AD forests with trusts in place and we are in the process
> of building a intranet. We have set the security to Windows intergrated
> authentication. When a user in forest1 (the one that also has the web
> server)
> tries to access the site it works fine. When a user in forest2 tries to
> acces
> the web site they are challenged.
>
> Does Windows authentication inot take into account trustes?