Active Directory Forest Trust over non routable subnets


Hello all,

Let me first say that I'm surprised that I was unable to find many questions asked on this topic before, making me think that this is really not the problem we are facing.  But here is the problem: using accounts in the trusted domain, we are unable to access resources in the trusting domain.  Corp.com is the domain with the accounts, and Operations.com is the domain where we have files, applications, workstations, and servers.  We want to add accounts from corp.com's domain to resources in the operations.com domain.  Here is a diagram to show this point:


We are able to authenticate corp.com users when authenticating to resources in the 172.16.1.0/24 subnet.  But no other subnets in the Operations MPLS network can authenticate.  Everything that is in the Operations MPLS network is on the Operations.com domain, and for security reasons only a one-way non-transitive trust is between both domains.  Because of this same security policy these two MPLS networks are NOT routable between each other, and only the 192.168.1.0 and 172.16.1.0 subnets have an access router, only for this trust.  Now to add more information, we have 4 DCs in the Operations domain: two in the 172.16.1.0 subnet and two in the 172.16.2.0 subnet.

If we try to add permissions for an account in corp.com, we get the "object not found" message.  When we try to log in to a server that has group permissions to log in with, we get the "no available logon servers" message.  Remember, only when outside the 172.16.1.0 network are we getting these errors.

What can be the problem?  What should we look at?  

Thanks for your time and help,

Nick
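A diagnostic a practitioner would run on this kind of report is to check, from every Operations.com domain controller rather than only the ones in 172.16.1.0/24, whether the trusted domain's DCs are resolvable and reachable on the ports a trust uses, and whether the trust secure channel verifies. The script below is an added example, not part of the original post or any Microsoft documentation. It assumes it is run as a Domain Admin of Operations.com from a machine with the RSAT ActiveDirectory module, that PowerShell remoting (WinRM) is enabled on the Operations.com DCs, and that the corp.com DC hostnames are placeholders to be replaced with the real ones.

```powershell
# Added diagnostic example (not from the original post).
# Assumptions: run as Operations.com Domain Admin, ActiveDirectory module available,
# WinRM enabled on the Operations.com DCs, corp.com DC names below are placeholders.
$TrustedDomain = 'corp.com'
$CorpDcs       = @('dc1.corp.com', 'dc2.corp.com')   # PLACEHOLDER hostnames
# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd
$TrustPorts    = @(53, 88, 135, 389, 445, 464)

# Enumerate all DCs in the trusting domain (Operations.com), including the
# ones in 172.16.2.0/24 that the post says cannot authenticate corp.com users.
$OpsDcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = foreach ($dc in $OpsDcs) {
    Invoke-Command -ComputerName $dc -ArgumentList $TrustedDomain, $CorpDcs, $TrustPorts -ScriptBlock {
        param($TrustedDomain, $CorpDcs, $TrustPorts)
        $me = $env:COMPUTERNAME

        # 1. Can this DC locate the trusted domain's DCs through DNS (SRV records)?
        $srv = try {
            Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TrustedDomain" -Type SRV -ErrorAction Stop
        } catch { $null }
        [pscustomobject]@{ Dc = $me; Check = "SRV lookup $TrustedDomain"; Target = ''; Ok = [bool]$srv }

        # 2. Can this DC open the trust-related TCP ports on each trusted DC?
        foreach ($target in $CorpDcs) {
            foreach ($port in $TrustPorts) {
                $r = Test-NetConnection -ComputerName $target -Port $port -WarningAction SilentlyContinue
                [pscustomobject]@{ Dc = $me; Check = "TCP $port"; Target = $target; Ok = $r.TcpTestSucceeded }
            }
        }

        # 3. Does the trust secure channel verify from this particular DC?
        $null = nltest /sc_verify:$TrustedDomain 2>&1
        [pscustomobject]@{ Dc = $me; Check = 'nltest /sc_verify'; Target = $TrustedDomain; Ok = ($LASTEXITCODE -eq 0) }
    }
}

# Full matrix, then only the failures: a DC whose rows all fail while the
# 172.16.1.0/24 DCs pass points at routing or firewall rules, not at the trust object.
$results | Sort-Object Dc, Target, Check | Format-Table Dc, Target, Check, Ok -AutoSize
"--- Failed checks ---"
$results | Where-Object { -not $_.Ok } | Format-Table Dc, Target, Check -AutoSize
```

Two caveats on reading the output: port 135 only covers the RPC endpoint mapper, so a pass there does not prove the dynamic RPC port range is open between the subnets; and the SRV lookup shows whether the DC can find corp.com's DCs at all, which in a non-routed design like the one described is often the first thing that fails outside the one subnet with the access router.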
