List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] AD trust and authentication

Prev Next

You are not authorized to post a reply.

Author

Messages

damjand

Posts:1

09/08/2008 4:43 PM
Hello all, I have a question about authentication in AD trust. My situation is: a XP workstation is a member of example.com domain which has a trust with the example.abc domain. When a user from the example.abc wants to login to this workstation with his credentials from example.abc he gets a message that the domain is not available. The DC for example.com has network visibility with the DC for example.abs but the workstation does not. Does the client(a XP workstation) need to have a network visibility with the trusted domain? I thought that all the stuff will be done by the DC for example.com but maybe I'm wrong... Thanks, Dame. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

Parzival

Posts:107

09/08/2008 4:48 PM
It depends on the authentication method.. when you logon to a workstation kerberos is used and the client needs to contact all the domain controllers in the authentication path, if you have two forest each with 2 domains (root-child).. your workstation in child domain A, logging on to Child domain B actually needs to contact all 4 domains. If you logon to say a website using NTLM authentication, the forest path is followed and the NTLM authentication package will follow the trust path and will be forwarded by the domain controllers to the destined domain controller. The workstation does not need direct access to the domain controller of the resource. See also my blog entry: http://blog.avanadeadvisor.com/blogs/parzival/archive/2008/04/25/10994.aspx _R -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Gil Kirkpatrick Sent: Thursday, September 04, 2008 10:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD trust and authentication The workstation needs to communicate with a DC in the domain it is authenticating to. -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Damjan Dimitrov Sent: Thursday, September 04, 2008 5:22 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD trust and authentication Hello all, I have a question about authentication in AD trust. My situation is: a XP workstation is a member of example.com domain which has a trust with the example.abc domain. When a user from the example.abc wants to login to this workstation with his credentials from example.abc he gets a message that the domain is not available. The DC for example.com has network visibility with the DC for example.abs but the workstation does not. Does the client(a XP workstation) need to have a network visibility with the trusted domain? I thought that all the stuff will be done by the DC for example.com but maybe I'm wrong... Thanks, Dame. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] AD trust and authentication

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads