Re: Access denied on network share in an other domain



Fred,
If the DMZ domain trusts the internal domain you can Push files out to it.
If the internal domain trusts the DMZ domain (not what you want), the dmz can Pull files out from it.
Ideally you would want the DMZ to have no inbound access to the LAN, so you would want to push files out to the DMZ.
Anthony,
http://www.airdesk.com




"r14edge" <r14edge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A7DD8E40-843A-4BFB-8057-58658DC9742F@xxxxxxxxxxxxxxxx
Hello,

I'm setting up a DMZ for my company and I'm facing a big problem. I
planned my DMZ on using a remote file storage located in my internal network
to host my web files. I've build my DMZ in a new domain and I have setup a
trust relationship between my internal domain and my DMZ domain. The trust is
one-way where the incoming trust is my internal domain and my outgoing trust
is my DMZ domain. On my remote file server, I'm able to see the account of my
DMZ domain. I've set up the ACL on my share to be use by a specific account
in the DMZ without any problem.

Now, from any server in my DMZ, I'm able to get on the root (\\10.0.0.0) of
my share but when I click on the share itself, I got a access denied message.
I notice in the security log of the remote server that any DMZ servers that
tries to go on the remote file server, are logged under NT
AUTHORITY\ANONYMOUS LOGON.

What am I missing here? I believe that computers in my DMZ should log under
their name in the logs files, right? When I switch the trust relationship,
it's working like a charm, but I'm exposing my internal Domain to my DMZ and
I don't want that.

What can I do to solve this problem?

Thank you for your replies,

Fred

.