RE: ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

  • From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 6 Jan 2002 17:26:32 -0600

Hi Stephen,

You got your trust backwards! You want the ISA Server Windows 2000
domain to trust the NT domain. Otherwise, all heck might break loose :-)

Trusts are very dependent on name resolution. NT uses NetBIOS and
Windows 2000 DNS. 

HTH,
Tom
www.isaserver.org/shinder

-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx] 
Sent: Sunday, January 06, 2002 5:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

I have ISA installed on W2KS in firewall mode as a member of an NT4
domain with a public TCP/IP subnet.

I have a non-routable subnet behind the ISA Server which is a W2K AD
domain.

I want users to have authenticated access to the Internet from SecureNAT
clients and/or Web Proxy clients.

So, I want a one way trust.  The NT4 domain trusts the W2K AD domain.
This way ISA will authenticate users in the internal AD domain.

BUT......

When I try to add the internal W2K domain to the trusted domains on the
PDC it cannot find the internal W2K AD domain, either before or after
ISA is installed.

If I think about this, that is as I would expect.  How would the NT4 PDC
find the W2K AD domain?

BUT...

Page 93 of Configuring ISA Server 2000 actually refers to explicit
one-way trusts between the ISA Server domain and each of the other
individual domains. It also visualizes the situation in figure 2.5

SO....

What am I missing? Or.... Can this not be done when ISA Server is in an
NT 4.0 domain?

Thank you for your assistance in advance.

Stephen D. Pidgeon


