RE: ISA Server in NT4 domain with 1 way trust to in ternal W2K AD domain

• From: "Stephen D. Pidgeon" <pidgeon@xxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 7 Jan 2002 10:41:51 -0600

Raj,

I use the pre-windows 2000 domain name that AD Users and Computers
properties reports.  Say my registered domain name is mydomain.com.  Then my
internal AD domain is internal.mydomain.com.  I enter "INTERNAL" into the
add trusted box on NT4 Trust Relationships under User Manager for Domains.

The registered external network is mydomain.com, my DNS servers are linux
and have a zone for mydomain.com, the actual NT4 domain has a different
name.

I am wondering....

Can an external NT4 domain trust an internal W2K when they are connected by
a stand alone W2K Server in an NT4 domain with ISA on it?

If so, how?

Thank you all for your assistance. I'm just not grasping how to set up my
domains here.

Stephen D. Pidgeon

-----Original Message-----
From: Periyasamy, Raj [mailto:psraj@xxxxxxxxxxxx]
Sent: Monday, January 07, 2002 9:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to in
ternal W2K AD domain

http://www.ISAserver.org


Stephen,
When you add the AD domin in yoour NT 4 trusted domains, did you specify the
pre-windows 2000 domian name or the FQDN such as 2000domain.com ?

Regards,

Raj



-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: January 06, 2002 7:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to
internal W2K AD domain


http://www.ISAserver.org


Thank you Tom.  I may have not stated my situation clearly.  The ISA Server
is a stand alone server in an NT40 domain that is a public subnet.

ISA server is a member of the public domain, the private internal domain is
W2K AD.

When I tried ISA as a workgroup, it would only authenticate local machine
accounts.  I want ISA to authenticate the accounts that are users of the
internal AD domain.

I hope I said this clearly.  Thank you for a quick response, but I'm still
not clear on this

Steve

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to internal
W2K AD domain

http://www.ISAserver.org


Hi Stephen,

You got your trust backwards! You want the ISA Server Windows 2000
domain to trust the NT domain. Otherwise, all heck might break loose :-)

Trusts are very dependent on name resolution. NT uses NetBIOS and
Windows 2000 DNS.

HTH,
Tom
www.isaserver.org/shinder

-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server in NT4 domain with 1 way trust to internal
W2K AD domain

http://www.ISAserver.org


I have ISA installed on W2KS  in firewall mode as a member of an NT4
domain
with a public TCP/IP subnet.

I have a non-routable subnet behind the ISA Server which is a W2K AD
domain.

I want users to have authenticated access to the Internet from SecureNAT
clients and/or Web Proxy clients.

So, I want a one way trust.  The NT4 domain trusts the W2K AD domain.
This
way ISA will authenticate users in the the internal AD domain.

BUT......

When I try to add the internal W2K domain to the trusted domains on the
PDC
it cannot find the internal W2K AD domain, either before or after ISA is
installed.

If I think about this, that is as I would expect.  How would the NT4 PDC
find the W2K AD domain?

BUT...

Page 93 of Configuring ISA Server 2000 actually refers to explicit
one-way
trusts between the ISA Server domain and each of the other individual
domains. It also visualizes the situation in figure 2.5

SO....

What am I missing? Or.... Can this not be done when ISA Server is in an
NT
40 domain?

Thank you for your assistance in advance.

Stephen D. Pidgeon



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pidgeon@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
psraj@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pidgeon@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » RE: ISA Server in NT4 domain with 1 way trust to in ternal W2K AD domain
• » RE: ISA Server in NT4 domain with 1 way trust to in ternal W2K AD domain
• » RE: ISA Server in NT4 domain with 1 way trust to in ternal W2K AD domain

1. Home
2. isalist
3. Archive
4. 01-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---