Don't know if anyone has any suggestions for this fairly annoying problem, but I'm happy to hear any.
We've got a development domain here called (for example) ENG, that has for years trusted the corporate domain CORP. My three netapps are members of the ENG domain and any user in CORP can authenticate on those servers via a one-way trust. (ENG trusts CORP, CORP does not trust ENG).
We've got a new corporate domain NEWCORP being migrated to, and ENG also has a one-way trust to NEWCORP.
Now, everything seems to work fine, *except* for my one very old Netapp F230 running 5.3.7R3D18. (I know, way old and end-of-lifed, we're trying to replace it.)
My NEWCORP account can authenticate against my newer netapps, but when I try to connect to the F230, or to a snapserver or a unix server running samba, the authentication fails. So basically it looks like authentication is working for the Netapps running a current OS release and for regular windows servers, but not for 3rd party servers. If we make the samba server authenticate against CORP instead of ENG, then the NEWCORP accounts seem to work.
It seems like there must be something different about the ENG -> NEWCORP and ENG -> CORP trusts, or some obscure authentication permissions thing, but we can't figure out what the problem is. (And our primary windows admin is on vacation.)
Anyone out there more knowledgeable about trusts and domains (I'm mainly a unix guy) have any suggestions?
What are the versions of domains you are using (I assume Win2K AD) including Service Packs are you getting any error messages on the F230? make sure that the WINS stuff is correct for all domains.
----- Original Message ----- From: "Mike Sphar" mike.sphar@Remedy.COM To: toasters@mathworks.com Sent: Friday, September 10, 2004 6:04 PM Subject: Confusing trusted domain authentication problem
Don't know if anyone has any suggestions for this fairly annoying problem, but I'm happy to hear any.
We've got a development domain here called (for example) ENG, that has for years trusted the corporate domain CORP. My three netapps are members of the ENG domain and any user in CORP can authenticate on those servers via
a
one-way trust. (ENG trusts CORP, CORP does not trust ENG).
We've got a new corporate domain NEWCORP being migrated to, and ENG also
has
a one-way trust to NEWCORP.
Now, everything seems to work fine, *except* for my one very old Netapp
F230
running 5.3.7R3D18. (I know, way old and end-of-lifed, we're trying to replace it.)
My NEWCORP account can authenticate against my newer netapps, but when I
try
to connect to the F230, or to a snapserver or a unix server running samba, the authentication fails. So basically it looks like authentication is working for the Netapps running a current OS release and for regular
windows
servers, but not for 3rd party servers. If we make the samba server authenticate against CORP instead of ENG, then the NEWCORP accounts seem
to
work.
It seems like there must be something different about the ENG -> NEWCORP
and
ENG -> CORP trusts, or some obscure authentication permissions thing, but
we
can't figure out what the problem is. (And our primary windows admin is
on
vacation.)
Anyone out there more knowledgeable about trusts and domains (I'm mainly a unix guy) have any suggestions?
-- Mike Sphar - Sr Systems Administrator - Remedy, a BMC Software Company
-
Jack Lyons -
Mike Sphar