Authentication in Active Directory

[MSR63]

I have a remote data center with 3 Intel and 2 AIX servers on their own subnet. I need to make the Active Directory DC out there recognize three domains.

However these domains are not a part of the forest.
One is the parent so there are no issues there.
One has VPN and Trust with the parent domain and the other only has VPN connection.

How do I configure this AD to authenticate the various domains?

Any suggestions are welcomed.

 

[pagy]

I don't understand what you mean by 'I need to make the Active Directory out there recognize three domains'.

What do you mean by recognize?
Not part of what forest?

One is the parent so there are no issues there

So you have a forest with 1 domain tree in the remote datacenter, is that correct??

And what do you mean by 'How do I configure this AD to authenticate the various domains?' ??

Can you explain a little more clearly what you are wanting to do please.

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams

 

[MSR63]

Sure - My main AD DC in located onsite, I have a remote site, diff subnet with a DC and AD loaded on it.
On my network - there is no Forest - just one domain. I need to Active Directory authenticate two external domains - one with VPN/Trust and the other with just VPN connectivity.

We have a lab program that users from thee different domains will need to access. I am not familiar with AIX but apparently this program and AIX will allow access with AD Authentication.

Hope that explained it better.

 

[58sniper]

On my network - there is no Forest - just one domain.

Say what? A domain is part of a forest.

In order for a DC to provide any authentication here, there needs to be trusts.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[pagy]

So the DC at the remote site is part of the same domain as the DC at your main site, is that correct??

And you have 2 other windows domains that are not part of the same domain as your DC at the main site??

And you want to use AD to authenticate the AIX bits??

You'll need to clarify the first couple of questions for me but as for the AIX stuff the only way I know of authenticating AIX using AD is to use LDAP, info about this can be found here;

http://www.ibm.com/developerworks/aix/library/au-aixadsupport.html

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams

 

[MSR63]

Yes Pagy - the first two lines are correct.
I do not know any thing about AIX but these 2 servers work with my 3 Intel servers. Cache and IIS services

I just know that I am supposed to make sure that authentication via AD will work with the two other domains

I guess bottom line - the developers want remote users to access this software via GUI interface - and it will only allow them access via authentication from their desktop login.

thank for hte link -- I'll take a look at it.

 

[allywilson]

Have a look into setting up Kerberos on your AIX servers (I've not used AIX but Linux and Solaris can use it). Essentially you setup your AIX boxes to be KDC's, use ksetup.exe on windows to recognise them as KDCs and then you can logon to their domains from your windows boxes.

It's a bit of a pain to get your head around - but it can be done.