I have a little program using SSPI to validate a client's
credentials (domain\userID and password).
This program works fine if the client is the domain user in the same
forest as where the program is running.
E.g., this program is running in domain A.test.com;
if the client is a user in domain B.test.com (domains A and B are in
the same forest), everything works fine no matter whether this program is
running as a user or as the local system account.
However, when I try to verify the credentials for a client in another
forest (e.g., the client user is in domain C.test.org; A.test.com and
C.test.org are in two separate forests and no trust relationship is set
up for the forest),
I can use SSPI to verify the client's credentials; however, when I
impersonate, we find the client's identity is ANONYMOUS logon, which is
wrong. But, if running this program as the local system account, I can get
the client's identity correctly.
Does anyone know why I get "ANONYMOUS logon" and how to solve it?
I have been trying for a while, but could not figure out the reason.