In
mesak said:
I create two domain that different forest. I created one
way trusted but while user on trusted domain can't logon
or access trusting domain?
one way trust
Domain A ------------> Domain B
can't logon
I try to create local group in Domain B but user still
can't access. I don't what's wrong.
Best regards,
Not sure what you mean by log on the other domain?
Assuming that the domains are either NT4 or these are two domains of
different forests. TO insure this to work, you have to ensure that NetBIOS
resolution is working between the two domains (especially if the domains are
on different subnets).
You only log onto your own domain where the user account exists. Provided
the trust is created in the right direction, FYI: The domain you are letting
someone in, called the "trusting" domain, must trust the domain where the
user account exists, called the "trusted" domain, so the direction of the
turst, points to the user account's domain). So in the trusting domain, you
can create a group, and add that user from the trusted domain into that
group, add the group to a printer or folder adn apply the appropriate
permissions, so therefore, the user can access that resource and
authentication will be made to the domain where the trusted account exists,
called "pass thru authentication". So essenetially, you are NOT loggin on to
the other domain, but accesssing it's resources.
Now if the domains are in the same forest, then the trusts are already
setup. These sort of trusts are Kerberos/DNS based and not NetBIOS/NTLM
based as the above.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
