10 Sep
2004
10 Sep
'04
10:56 p.m.
Unfortunately I have limited visibility to the corporate domains, but I believe they are Win2K domains running in native mode. It's possible though that the NEWCORP domain might be Windows 2003 now.
I don't see any errors on the F230. I've even got the auth subsystem logging configured for full debug logging but I'm not seeing anything logged when I make a failed authentication attempt.
I do have concerns about WINS though. There seems to be some confusion about what, if any, WINS servers are being supported by the corporate folks at this point. (In fact, one of the WINS servers being handed out by DHCP doesn't even exist.)
--
Mike Sphar - Sr Systems Administrator - Remedy, a BMC Software Company
-----Original Message-----
From: Jack Lyons [mailto:jack.lyons@martinagency.com]
Sent: Friday, September 10, 2004 5:44 PM
To: Mike Sphar; toasters@mathworks.com
Subject: Re: Confusing trusted domain authentication problem
What are the versions of domains you are using (I assume Win2K AD) including
Service Packs
are you getting any error messages on the F230?
make sure that the WINS stuff is correct for all domains.
----- Original Message -----
From: "Mike Sphar" mike.sphar@Remedy.COM
To: toasters@mathworks.com
Sent: Friday, September 10, 2004 6:04 PM
Subject: Confusing trusted domain authentication problem
> Don't know if anyone has any suggestions for this fairly annoying problem,
> but I'm happy to hear any.
>
> We've got a development domain here called (for example) ENG, that has for
> years trusted the corporate domain CORP. My three netapps are members of
> the ENG domain and any user in CORP can authenticate on those servers via
a
> one-way trust. (ENG trusts CORP, CORP does not trust ENG).
>
> We've got a new corporate domain NEWCORP being migrated to, and ENG also
has
> a one-way trust to NEWCORP.
>
> Now, everything seems to work fine, *except* for my one very old Netapp
F230
> running 5.3.7R3D18. (I know, way old and end-of-lifed, we're trying to
> replace it.)
>
> My NEWCORP account can authenticate against my newer netapps, but when I
try
> to connect to the F230, or to a snapserver or a unix server running samba,
> the authentication fails. So basically it looks like authentication is
> working for the Netapps running a current OS release and for regular
windows
> servers, but not for 3rd party servers. If we make the samba server
> authenticate against CORP instead of ENG, then the NEWCORP accounts seem
to
> work.
>
> It seems like there must be something different about the ENG -> NEWCORP
and
> ENG -> CORP trusts, or some obscure authentication permissions thing, but
we
> can't figure out what the problem is. (And our primary windows admin is
on
> vacation.)
>
> Anyone out there more knowledgeable about trusts and domains (I'm mainly a
> unix guy) have any suggestions?
>
> --
> Mike Sphar - Sr Systems Administrator - Remedy, a BMC Software Company
>