Access denied on network share in an other domain

Hello,

I'm setting up a DMZ for my company and I'm facing a big problem. I
planned my DMZ on using a remote file storage located in my internal network
to host my web files. I've build my DMZ in a new domain and I have setup a
trust relationship between my internal domain and my DMZ domain. The trust is
one-way where the incoming trust is my internal domain and my outgoing trust
is my DMZ domain. On my remote file server, I'm able to see the account of my
DMZ domain. I've set up the ACL on my share to be use by a specific account
in the DMZ without any problem.

Now, from any server in my DMZ, I'm able to get on the root (\\10.0.0.0) of
my share but when I click on the share itself, I got a access denied message.
I notice in the security log of the remote server that any DMZ servers that
tries to go on the remote file server, are logged under NT
AUTHORITY\ANONYMOUS LOGON.

What am I missing here? I believe that computers in my DMZ should log under
their name in the logs files, right? When I switch the trust relationship,
it's working like a charm, but I'm exposing my internal Domain to my DMZ and
I don't want that.

What can I do to solve this problem?

Thank you for your replies,

Fred

r14edge

Please post this over to the windows.server.security newsgroup where it belongs

On the web:
http://www.microsoft.com/communities...erver.security


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"r14edge" <r14edge@discussions.microsoft.com> wrote in message
news:8265F20F-1B84-479B-B112-FC3B7B45502F@microsoft.com...
> Hello,
>
> I'm setting up a DMZ for my company and I'm facing a big problem. I
> planned my DMZ on using a remote file storage located in my internal network
> to host my web files. I've build my DMZ in a new domain and I have setup a
> trust relationship between my internal domain and my DMZ domain. The trust is
> one-way where the incoming trust is my internal domain and my outgoing trust
> is my DMZ domain. On my remote file server, I'm able to see the account of my
> DMZ domain. I've set up the ACL on my share to be use by a specific account
> in the DMZ without any problem.
>
> Now, from any server in my DMZ, I'm able to get on the root (\\10.0.0.0) of
> my share but when I click on the share itself, I got a access denied message.
> I notice in the security log of the remote server that any DMZ servers that
> tries to go on the remote file server, are logged under NT
> AUTHORITY\ANONYMOUS LOGON.
>
> What am I missing here? I believe that computers in my DMZ should log under
> their name in the logs files, right? When I switch the trust relationship,
> it's working like a charm, but I'm exposing my internal Domain to my DMZ and
> I don't want that.
>
> What can I do to solve this problem?
>
> Thank you for your replies,
>
> Fred

I just did.

Thank you for taking me at the right place.

"Peter Foldes" wrote:

> r14edge
>
> Please post this over to the windows.server.security newsgroup where it belongs
>
> On the web:
> http://www.microsoft.com/communities...erver.security
>
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>
> "r14edge" <r14edge@discussions.microsoft.com> wrote in message
> news:8265F20F-1B84-479B-B112-FC3B7B45502F@microsoft.com...
> > Hello,
> >
> > I'm setting up a DMZ for my company and I'm facing a big problem. I
> > planned my DMZ on using a remote file storage located in my internal network
> > to host my web files. I've build my DMZ in a new domain and I have setup a
> > trust relationship between my internal domain and my DMZ domain. The trust is
> > one-way where the incoming trust is my internal domain and my outgoing trust
> > is my DMZ domain. On my remote file server, I'm able to see the account of my
> > DMZ domain. I've set up the ACL on my share to be use by a specific account
> > in the DMZ without any problem.
> >
> > Now, from any server in my DMZ, I'm able to get on the root (\\10.0.0.0) of
> > my share but when I click on the share itself, I got a access denied message.
> > I notice in the security log of the remote server that any DMZ servers that
> > tries to go on the remote file server, are logged under NT
> > AUTHORITY\ANONYMOUS LOGON.
> >
> > What am I missing here? I believe that computers in my DMZ should log under
> > their name in the logs files, right? When I switch the trust relationship,
> > it's working like a charm, but I'm exposing my internal Domain to my DMZ and
> > I don't want that.
> >
> > What can I do to solve this problem?
> >
> > Thank you for your replies,
> >
> > Fred
>
>