Unsolved
1 Rookie
•
299 Posts
0
1269
multi domain ldap question
I have the following config
LDAP domain A where unity array is proposed to lie.
LDAP domain B where a number of CIFS/unix users reside
Domain A has a one way trust to Domain B.
Can unity array join domain A but resolve users in domain B for file access ?
The reason for this are convoluted security issues, so saying simply join unity array to LDAP domain B will not fly
Rainer_EMC
8.6K Posts
1
December 18th, 2018 05:00
I assume you really mean Active Directory domains since thats what we join - not LDAP domains
sure - as long as the trust is in the right direction
A one-way incoming trust allows users in your (trusted) domain to be authenticated in the other (trusting) domain, whereas a one-way outgoing trust allows users in the other (trusted) domain to be authenticated in your (trusting) domain.
more info available from Microsoft:
Trust Technologies: Domain and Forest Trusts | Microsoft Docs
cadencep45
1 Rookie
1 Rookie
•
299 Posts
0
December 18th, 2018 06:00
so how can we do two things;
1. do a network capture of the user authentication to see what is happening when it denies access.
2. Is there a way of testing whether access is allowed/denied to a file and if denied where in the process it is denied like server_cifssupport --accessright ( yes I know its a VNX command )
Rainer_EMC
8.6K Posts
0
December 18th, 2018 09:00
sure - similar command is available on Unity and called svc_cifssupport