User lookup in one-way trust


    luvshines
    Member
    #155893

    To explain the issue briefly:
    I have 3 domain controllers, each one hosting a different domain in their respective forests – calling them X, Y, Z

    X DC is Win 2003 R2
    Other 2 are Win 2008 server

    Created 2 trust relations, each one being one-way, external outgoing trust from X to Y and X to Z

    Configured my Samba server against the X domain controller.


    So far so good.
    I have 2 client machines – Win XP and Win 7

    1. Win 7 client – Joined to Z domain
    If I log on as Z domain admin or any other user and try to add more users to access the Samba share, in the ‘Locations’ button of the ‘security tab’, if I try to ‘find user’ from Y domain, it asks for credentials of that domain.
    However, it allows me to ‘find users’ from the X domain without credentials for X domain

    2. Win XP – Joined to Y domain
    If I log on as Y domain administrator and try to add more users, the ‘Locations’ button allows me to ‘find users’ from both X and Z domain as well, without asking for a password
    Logging in as any other user from Y domain (not admin), it allows me to ‘find users’ from X domain but for the Z domain, it asks for Admin credentials


    So, this has really confused me and I would like to understand how this works.
    I am using the same Samba share to connect from both clients (connecting to the clients through remote desktop)

    Is there some config that is missing on my Samba server or is it purely how my Windows client and the AD server interact?

    Why is there a difference between Win XP and Win 7 behaviour, and then between the Admin user and any other user?

    I was expecting that any user (admin or not) from Y and Z domain would not be able to ‘find users’ from each other's domain without creds.
    Moreover, even the X domain users ‘find users’ would not work if my client is part of Y or Z domain

    Please help me understand this. I would share any logs/details about the setup willingly.
    I am given an Admin type task for the first time and my AD skills are too weak
