1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Access denied on network share in an other domain

Discussion in 'Windows Security' started by r14edge, Jun 9, 2009.

  1. r14edge

    r14edge Guest

    Hello,

    I'm setting up a DMZ for my company and I'm facing a big problem. I
    planned my DMZ on using a remote file storage located in my internal network
    to host my web files. I've build my DMZ in a new domain and I have setup a
    trust relationship between my internal domain and my DMZ domain. The trust is
    one-way where the incoming trust is my internal domain and my outgoing trust
    is my DMZ domain. On my remote file server, I'm able to see the account of my
    DMZ domain. I've set up the ACL on my share to be use by a specific account
    in the DMZ without any problem.

    Now, from any server in my DMZ, I'm able to get on the root (\\10.0.0.0) of
    my share but when I click on the share itself, I got a access denied message.
    I notice in the security log of the remote server that any DMZ servers that
    tries to go on the remote file server, are logged under NT
    AUTHORITY\ANONYMOUS LOGON.

    What am I missing here? I believe that computers in my DMZ should log under
    their name in the logs files, right? When I switch the trust relationship,
    it's working like a charm, but I'm exposing my internal Domain to my DMZ and
    I don't want that.

    What can I do to solve this problem?

    Thank you for your replies,

    Fred
     
    r14edge, Jun 9, 2009
    #1
  3. Peter Foldes

    Peter Foldes Guest

    r14edge

    Please post this over to the windows.server.security newsgroup where it belongs

    On the web:



    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.

    "r14edge" <r14edge@discussions.microsoft.com> wrote in message
    news:8265F20F-1B84-479B-B112-FC3B7B45502F@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Hello,
    >
    > I'm setting up a DMZ for my company and I'm facing a big problem. I
    > planned my DMZ on using a remote file storage located in my internal network
    > to host my web files. I've build my DMZ in a new domain and I have setup a
    > trust relationship between my internal domain and my DMZ domain. The trust is
    > one-way where the incoming trust is my internal domain and my outgoing trust
    > is my DMZ domain. On my remote file server, I'm able to see the account of my
    > DMZ domain. I've set up the ACL on my share to be use by a specific account
    > in the DMZ without any problem.
    >
    > Now, from any server in my DMZ, I'm able to get on the root (\10.0.0.0) of
    > my share but when I click on the share itself, I got a access denied message.
    > I notice in the security log of the remote server that any DMZ servers that
    > tries to go on the remote file server, are logged under NT
    > AUTHORITYANONYMOUS LOGON.
    >
    > What am I missing here? I believe that computers in my DMZ should log under
    > their name in the logs files, right? When I switch the trust relationship,
    > it's working like a charm, but I'm exposing my internal Domain to my DMZ and
    > I don't want that.
    >
    > What can I do to solve this problem?
    >
    > Thank you for your replies,
    >
    > Fred <!--colorc--><!--/colorc-->
     
    Peter Foldes, Jun 10, 2009
    #2
  4. r14edge

    r14edge Guest

    I just did.

    Thank you for taking me at the right place.

    "Peter Foldes" wrote:
    <!--coloro:blue--><span style="color:blue <!--/coloro-->
    > r14edge
    >
    > Please post this over to the windows.server.security newsgroup where it belongs
    >
    > On the web:
    >
    >
    >
    > --
    > Peter
    >
    > Please Reply to Newsgroup for the benefit of others
    > Requests for assistance by email can not and will not be acknowledged.
    >
    > "r14edge" <r14edge@discussions.microsoft.com> wrote in message
    > news:8265F20F-1B84-479B-B112-FC3B7B45502F@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
    > > Hello,
    > >
    > > I'm setting up a DMZ for my company and I'm facing a big problem. I
    > > planned my DMZ on using a remote file storage located in my internal network
    > > to host my web files. I've build my DMZ in a new domain and I have setup a
    > > trust relationship between my internal domain and my DMZ domain. The trust is
    > > one-way where the incoming trust is my internal domain and my outgoing trust
    > > is my DMZ domain. On my remote file server, I'm able to see the account of my
    > > DMZ domain. I've set up the ACL on my share to be use by a specific account
    > > in the DMZ without any problem.
    > >
    > > Now, from any server in my DMZ, I'm able to get on the root (10.0.0.0) of
    > > my share but when I click on the share itself, I got a access denied message.
    > > I notice in the security log of the remote server that any DMZ servers that
    > > tries to go on the remote file server, are logged under NT
    > > AUTHORITYANONYMOUS LOGON.
    > >
    > > What am I missing here? I believe that computers in my DMZ should log under
    > > their name in the logs files, right? When I switch the trust relationship,
    > > it's working like a charm, but I'm exposing my internal Domain to my DMZ and
    > > I don't want that.
    > >
    > > What can I do to solve this problem?
    > >
    > > Thank you for your replies,
    > >
    > > Fred <!--colorc--><!--/colorc-->
    >
    > <!--colorc--><!--/colorc-->
     
    r14edge, Jun 10, 2009
    #3

Share This Page