TRUST RELATIONSHIPS

[8nichoa1]

I AM CURRENTLY TRING TO SETUP A TWO WAY TRUST RELATIONSHIP OVER A WAN. i NEED A MOBILE USER TO BE ABLE TO GO TO EITHER OF THE LOCATIONS AND LOGON TO THAT SITE DOMAIN CONTROLLER, BUT FOR EASE OF ADMINISTRATION I'D WOULD ONLY LIKE TO SET UP ONE ID.

I HAVE BEEN ABLE TO ALLOW A USERID ACCESS TO RESOURCES ON THE OTHER SITE WHEN THEY LOGON TO THE SITE WHERE THE ID IS. BUT WHEN I GO TO THE OTHER SITE AND TRY TO LOGON WITH THE ID IT DOESN'T ALLOW THEM ACCESS TO THAT DOMAIN, ANY IDEAS IF I HAVE WRITTEN IT CORRECTLY.


DOMAIN1--------WAN---------DOMAIN2
USER1 USER2


i WANT USER1 TO BE ABLE TO LOGON ON BOTH STIES AND THE SAME WITH USER2. i HAVE SETUP A TWO WAY TRUST RELATIONSHIP BUT IT ONLY WORKED ONE WAY (I.E. USER1 COULD LOGON AT DOMAIN1 AND SE RESOURCES ON BOTH DOMAINS BUT COULNDN'T LOGON TO DOMAIN2)

PLEASE HELP ?????????????????????????????????????????????????????????????????????

 

[josesc]

You need to change the users police on the other side of domain (i.e. if a user on domain1 wants to log on domain2, in domain2 need to change policies at user manager, setting user in doamin2 to log locally, so it will be replicated to all machines in the domain2 )

 

[8nichoa1]

I have tried this but it didn't seem work How long does it take to replicate?? and is there any way I can force a replication between domain1 and domain2????? would setting any dns server settings help with it

When user1 logs on to domain 2 is his logon authenticated by that domain or does it send a request across to domain1. because if this is the case I might have to change some timeout settings as the network is pretty slow. and it instantly comes back with user id or password not recognise??

thank you for your response

 

[ShackDaddy]

When you go to the other site (where Domain2 is located) and try and log on, does the 'domain' login box list both domains in it, or only Domain2? When you created the trust, did you get the message "The trust relationship has been established successfully?" A trust relationship can eventually succeed without this message, but to make sure, enter the domain name and password in the bottom section of the trust setup screen on both sites before you fill out the top section on both sites. Both sites also need to know how to find each other's domain controllers, so you will need to have either WINS or lmhosts files (and sometimes both!) implemented on both sides. In an NT4 domain, simple DNS won't be good enough. Dave Shackelford - MCT, MCSE, CCNA, MA
Network Engineer
IRSC, Inc. - A ChoicePoint Company
"One of the advantages of being disorderly is that one is constantly making exciting discoveries." (A. A. Milne)

 

[8nichoa1]

thank you for all your help, I have checked all of the above and the trust is establishes successfully and i have an lmhosts pointing to the right place. the message i get is "cannot be validated by the server".

 

[ghostrider3]

Have you given the user a glabal account and placed him in a local account on the other domain?

The account will need to be a member of a global group to get across the trust, and a member of local group in the trusting domain for the account to logon.

Hope that helps

 

[josesc]

When user1 logs on to domain 2 is his logon authenticated by that domain or does it send a request across to domain1. because if this is the case I might have to change some timeout settings as the network is pretty slow. and it instantly comes back with user id or password not recognise??


Domain1 validates it users using the relationship. So the request is send to domain1, Have you tried to change the timeout settings? It Owrks?