Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

An Impossible Authentication Scenario?

Status
Not open for further replies.
keithja

keithja

MIS
Sep 12, 2003
88
US
Hi,

I have what seems to be an impossible cross-domain authentication issue.

Imagin 3 domains: a, b, and c.
Domain a is an NT4 domain with 2 one-way trusts to domain b
Domain B is an AD 2003 domain and has a two-way transititive trust to Domain C
Domain C is is a win2012


I am trying to provide access to shares on domain a(nt) to users on domain C (win2012)

I know NT 4 doesnt support transitive trusts
I dont think domain C can directly establish a trust with domain A.
where does that leave me?

I have tried placing the domain-c account into a domain-local group on B, which A trusts, and then granting permission to a share on domain a, to that group: but no soap.

Should/could that work? Can anyone think of any other options (short of using 'map drive using different credentials)?

I should further mention that the nt4 domain is actually an ntr emulation. It does not appear to allow users from different domains to be added directly to share permissions - only groups from different domains.



thanks for any help
k
 
Sort by date Sort by votes
What about creating a virtual directory in domain B IIS that is the share in domain A?

Biglebowskis Razor - with all things being equal if you still can't find the answer have a shave and go down the pub.
 
Upvote 0 Downvote
Isn't it time you totally re-invented that network as it's a mess of older versions, etc.?? Perhaps they aren't all under the same corporate umbrella. You didn't give much info. I know, not the answer to the question.
 
Upvote 0 Downvote
Thanks for the input.

goombawaho, Domain A is actually an emulated NT4, providing MSstyle user shares, running on a Mainframe that provides much of our front-end functionality. The emulated domain provides a tie between the Windows world and the Mainframe world of functionality.
Domain C is the new corporate domain which we are doing our best to fully migrate over to: however it will take time - particularly in the case of moving functionality off of domain A

Biglebowski, the virtual directory is an interesting idea. I haven't used them before so I don't know too much about them. I will investigate further to see if this might be an option.

Thanks again for your help
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jamescpp
  • Locked
  • Question
Adding an attribute to ADLDS
Replies
1
Views
119
jamescpp
jamescpp
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
95
penguinroundup
penguinroundup
DrB0b
  • Locked
  • Question
Terminal Server issues doing anything network related after RDPing into
Replies
3
Views
132
DrB0b
DrB0b
bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
103
DrB0b
DrB0b
Fireksf
  • Locked
  • Question
Avaya IPOCC not generate Report, Please any body if you a have any idea help me.
Replies
1
Views
108
MarkSweetland
MarkSweetland

Part and Inventory Search

Sponsor

Back
Top