Hi all, I have the realms: TREINO.ORG → Kerberos MIT MATRIZ.ORG → Active Directory Parent FILIAL.MATRIZ.ORG → Active Directory Child 1 PAC.MATRIZ.ORG → Active Directory Child 2
My challenge is to make the user [email protected], can handle such a share on PAC.MATRIZ.ORG, joao is a user in FILIAL.MATRIZ.ORG and in PAC.MATRIZ.ORGi have set correctly permissions to [email protected]. I've tried to make TREINO.ORG trust relationship with each Active Directory domain, and hold the trust only with the Parent Domain (MATRIZ.ORG). Conducting tests, ticket issuance is working properly. My problem seems to be related to user mapping in Active Directory. When I map a user in MATRIZ.ORG, that user inherits the permissions of the user in question itself. The problem is that when I establish the trust only with the parent domain and let the transitive enabled the mapping of the AD permissions only work correctly for users of the parent domain. When make the relationship of trust with each domain of the AD, FILIAL.MATRIZ.ORG, does not recognize a user mapped in PAC.MATRIZ.ORG. It seems that this problem is caused by MS-PAC structure of the Microsoft Active Directory. Anyway, any help? Thank you! -- Att, Marcelo M. Fleury Blog - http://marcelomf.blogspot.com/ Slides - http://www.slideshare.net/marcelomf/ "O primeiro dever da inteligência é desconfiar dela mesma." By Einstein ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
