RE: ISA Server in NT4 domain with 1 way trust to in ternal W2K AD domain

  • From: "Periyasamy, Raj" <psraj@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 7 Jan 2002 10:25:38 -0500

Stephen,
When you add the AD domin in yoour NT 4 trusted domains, did you specify the
pre-windows 2000 domian name or the FQDN such as 2000domain.com ?

Regards,

Raj



-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: January 06, 2002 7:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to
internal W2K AD domain


http://www.ISAserver.org


Thank you Tom.  I may have not stated my situation clearly.  The ISA Server
is a stand alone server in an NT40 domain that is a public subnet.

ISA server is a member of the public domain, the private internal domain is
W2K AD.

When I tried ISA as a workgroup, it would only authenticate local machine
accounts.  I want ISA to authenticate the accounts that are users of the
internal AD domain.

I hope I said this clearly.  Thank you for a quick response, but I'm still
not clear on this

Steve

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to internal
W2K AD domain

http://www.ISAserver.org


Hi Stephen,

You got your trust backwards! You want the ISA Server Windows 2000
domain to trust the NT domain. Otherwise, all heck might break loose :-)

Trusts are very dependent on name resolution. NT uses NetBIOS and
Windows 2000 DNS.

HTH,
Tom
www.isaserver.org/shinder

-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server in NT4 domain with 1 way trust to internal
W2K AD domain

http://www.ISAserver.org


I have ISA installed on W2KS  in firewall mode as a member of an NT4
domain
with a public TCP/IP subnet.

I have a non-routable subnet behind the ISA Server which is a W2K AD
domain.

I want users to have authenticated access to the Internet from SecureNAT
clients and/or Web Proxy clients.

So, I want a one way trust.  The NT4 domain trusts the W2K AD domain.
This
way ISA will authenticate users in the the internal AD domain.

BUT......

When I try to add the internal W2K domain to the trusted domains on the
PDC
it cannot find the internal W2K AD domain, either before or after ISA is
installed.

If I think about this, that is as I would expect.  How would the NT4 PDC
find the W2K AD domain?

BUT...

Page 93 of Configuring ISA Server 2000 actually refers to explicit
one-way
trusts between the ISA Server domain and each of the other individual
domains. It also visualizes the situation in figure 2.5

SO....

What am I missing? Or.... Can this not be done when ISA Server is in an
NT
40 domain?

Thank you for your assistance in advance.

Stephen D. Pidgeon



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pidgeon@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
psraj@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: