Don
Thu Mar 27 12:42:54 PDT 2008
That's a bit out of my league. It's more of a programming question. How does
the site authenticate? Is it using IIS, forms-based, .NET, etc.?
--
Hope it helps!
dw
----------------------------------------------
Don Wilwol
www.atthedatacenter.com
"domain_trust_confused" <domaintrustconfused@discussions.microsoft.com>
wrote in message news:FC10F2DE-238C-46F7-8CB0-6C5F662A8511@microsoft.com...
> Hi Don,
> How could I check that?
>
>
>
> "Don Wilwol" wrote:
>
>> Check the way the site authenticates. It may be looking at the group as an
>> object, instead of the group members.
>>
>> --
>> Hope it helps!
>>
>> dw
>>
>> ----------------------------------------------
>> Don Wilwol
>> www.atthedatacenter.com
>>
>>
>>
>> "Remco" <-> wrote in message
>> news:8733d$47eac5df$541f1cbd$27041@cache6.tilbu1.nb.home.nl...
>> > ok
>> > well, then I am running out of ideas also :(
>> >
>> >
>> > "domain_trust_confused" <domaintrustconfused@discussions.microsoft.com>
>> > wrote in message
>> > news:63DD1209-F26E-4310-B850-2BE7079D258D@microsoft.com...
>> >> Hi Remco,
>> >> no it is not me.
>> >>
>> >> Unfortunately I checked already all of that and it is fine :(
>> >>
>> >>
>> >>
>> >> "Remco" wrote:
>> >>
>> >>> Well, there is another question posted here today by net_admin, same topic,
>> >>> same situation it seems.
>> >>> If that is not you who posted that, take a look at it! Somebody responded
>> >>> saying:
>> >>>
>> >>> "Some things to check:
>> >>>
>> >>> Make sure Selective Authentication is not enabled
>> >>> Make sure the changes have been replicated forest wide.
>> >>> Make sure the correct DNS infrastructure is in place
>> >>> Make sure the -forest- functional level is Windows Server 2003"
>> >>>
>> >>>
>> >>> "domain_trust_confused"
>> >>> <domaintrustconfused@discussions.microsoft.com>
>> >>> wrote in message
>> >>> news:1D19BF2E-C4A8-4C25-8408-413D99188A8F@microsoft.com...
>> >>> > We changed it to universal and it still does not work.
>> >>> >
>> >>> > Now the situation is:
>> >>> >
>> >>> > child.A <---two way trust with [not forest trust just children are trusting] --> child.B
>> >>> >
>> >>> > Universal Security Group in child.B is added to a Domain Local group in
>> >>> > child.A.
>> >>> >
>> >>> > Users in child.B cannot access a website in child.A that uses integrated
>> >>> > windows authentication [IIS error 401 3 5].
>> >>> >
>> >>> > Getting more confused. The problem is that if I add just the users to the
>> >>> > domain local it works.
>> >>> >
>> >>> >
>> >>> > "Remco" wrote:
>> >>> >
>> >>> >>
>> >>> >> It says "...Because groups with global scope are not replicated outside
>> >>> >> their own domain...." which means that he has to use universal groups?
>> >>> >> Anyway, give it a try, and let us know :-)
>> >>> >>
>> >>> >>
>> >>> >> "Don Wilwol" <donWilwol@(EMAIL)yahoo.com> wrote in message
>> >>> >> news:OA7sUM4jIHA.1132@TK2MSFTNGP06.phx.gbl...
>> >>> >> > global or universal groups will work.
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > http://technet2.microsoft.com/windowsserver/en/library/79d93e46-ecab-4165-8001-7adc3c9f804e1033.mspx?mfr=true
>> >>> >> >
>> >>> >> > --
>> >>> >> > Hope it helps!
>> >>> >> >
>> >>> >> > dw
>> >>> >> >
>> >>> >> > ----------------------------------------------
>> >>> >> > Don Wilwol
>> >>> >> > www.atthedatacenter.com
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > "Remco" <veralloinjamaica@hotmail.com> wrote in message
>> >>> >> > news:2fe6b$47eab58d$541f1cbd$12689@cache5.tilbu1.nb.home.nl...
>> >>> >> >> As far as I know a GC server in Forest A does not store the information
>> >>> >> >> of Local Domain groups of a domain outside its own forest. It does not
>> >>> >> >> get replicated.
>> >>> >> >> That's why you should have Universal groups. I am not 100% sure of this,
>> >>> >> >> can anyone acknowledge this?? Am I correct?
>> >>> >> >>
>> >>> >> >>
>> >>> >> >> "domain_trust_confused"
>> >>> >> >> <domain_trust_confused@discussions.microsoft.com>
>> >>> >> >> wrote in message
>> >>> >> >> news:DBDEF0F6-4702-40E4-A841-BDC161910C43@microsoft.com...
>> >>> >> >>> Hello All,
>> >>> >> >>>
>> >>> >> >>> We have 2 forests A and B; both have a child domain under it.
>> >>> >> >>> We now have a two-way trust from child.A to child.B.
>> >>> >> >>>
>> >>> >> >>> I have created a Local Domain Group in child.A that contains a global
>> >>> >> >>> security group from child.B.
>> >>> >> >>> We have a website that requires integrated windows authentication.
>> >>> >> >>> With just the group the users get access denied, but if I do add single
>> >>> >> >>> users from child.B to the local domain group in child.A then the users in
>> >>> >> >>> child.B are able to access the website with no prompt for password
>> >>> >> >>> [i.e. windows authentication works properly].
>> >>> >> >>>
>> >>> >> >>> Any ideas?
>> >>> >> >>
>> >>> >> >>
>> >>> >> >
>> >>> >> >
>> >>> >>
>> >>> >>
>> >>> >>
>> >>>
>> >>>
>> >>>
>> >
>> >
>>
>>
>>
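
An added example, not part of the original thread: the "401 3 5" in the report is IIS status 401, sub-status 3 (denied by the resource ACL) and Win32 status 5 (access denied), so one way to narrow the problem is to check, as an affected child.B user on the web server, whether the Domain Local group's SID is in the logon token and whether that group has an ACE on the site content. The group name and content path are hypothetical placeholders, and the sketch assumes the user can open a session on the server.

```powershell
# Added example: run on the web server in child.A, in a session logged on as
# an affected child.B user. Both values below are hypothetical placeholders.
$GroupName   = 'CHILDA\Web-Access-DL'   # the Domain Local group (placeholder)
$ContentPath = 'D:\inetpub\site'        # folder the site serves (placeholder)

$sidType = [System.Security.Principal.SecurityIdentifier]

# Resolve the group name to its SID so the comparison does not depend on
# how account names are displayed across the trust.
$groupSid = (New-Object System.Security.Principal.NTAccount($GroupName)).Translate($sidType)

# 1. Is the group's SID present in this user's logon token?
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = $identity.Groups | ForEach-Object { $_.Value }
$inToken   = $tokenSids -contains $groupSid.Value

# 2. Which ACEs (explicit and inherited) on the content folder name that group?
$acl  = Get-Acl -Path $ContentPath
$aces = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $groupSid.Value })

"User           : $($identity.Name)"
"Group          : $GroupName ($($groupSid.Value))"
"Group in token : $inToken"
"ACEs for group : $($aces.Count)"
$aces | Format-Table AccessControlType, FileSystemRights, IsInherited -AutoSize

# Interpret the two results together.
if (-not $inToken) {
    'Group SID is missing from the token: the nested membership is not being expanded for this user.'
} elseif ($aces.Count -eq 0) {
    'Group is in the token but has no ACE on the content folder.'
} else {
    'Group is in the token and on the ACL: check for Deny ACEs and the ACLs on individual files.'
}
```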