AD auth with one-way trust

Question

isilon lives in domain1, has AD auth with domain1. has been working for a long time. domain1 is the only non-local auth provider under access/authentication providers/active directory/ (nothing under 'kerberos provider') assume the following windows permissions:  \isilonSMBserver.domain1.com\shared\ is shared full control to 'everyone' and NTFS gives 'authenticated users' read.  \non-isilonserver-plainwindows.domain1.com\shared\ is shared full control to 'everyone' and NTFS gives 'authenticated users.' read domain1 has a one-way AD forest trust with domain2. that is, domain2 users can log into domain1 resources.  from a machine in domain2, domain2\user2 can browse and map drives to any \non-isilonserver-plainwindows.domain1.com\shared\ share.  but when trying to access \isilonSMBserver.domain1.com\shared\, domain2\user2 gets.  it's not a DNS thing, because from the same machine in domain2, i can map a drive to  \isilonSMBserver.domain1.com\shared\.if i provide alternate credentials domain1\user1.  is there something special to do in the /isilon/share/zone/ or in domain1 AD, maybe with kerberos, that my plain old windows file servers are doing automatically because they are plain old windows domain members? in domain2, there are no computer objects, or SPNs, or anything special set up for any domain1 objects, yet somehow  \non-isilonserver-plainwindows.domain1.com\shared\ 'just works' for domain2 users. it's only isilon-based shares that can't seem to figure out how to let domain2 users in.  i will also note that on the domain1 active directory authentication provide on the isilonr, domain2 (the fqdn) is listed under 'trusted domains that are always recognized.' field.

curtmcg1rt · Answer

don't know how this got cut off:but when trying to access \isilonSMBserver.domain1.com\shared\, domain2\user2 gets **'unexpected network error' or other vague windows errors.

curtmcg1rt · Answer

9.3.0.3

DELL-Sam L · Answer

Hello curtmcg1rt, What is your current onefs version?

DELL-Sam L · Answer

Hello curtmcg1rt, Here is a link to a kb that maybe of assistance. https://dell.to/3ypiJfm

curtmcg1rt · Answer

that article is promising, but it confusingly assumes the exact same username in both domains. which is not my situation.

DELL-Sam L · Answer

Hello curtmcg1rt, It is best to open a support case for your particular issue

Isilon

Was this post helpful?