Archived from groups: microsoft.public.win2000.security (
More info?)
Thanks Dean. It is not a requirement for Radius Server to run on DC.
Management prefers that because they want to safe hardware cost.
"Dean Wells [MVP]" wrote:
> seeker01 wrote:
> > Hi Dean,
> > My company still uses NT4 domain, & I have setup a Windows 2000 AD
> > that merely runs Cisco Radius Servers as shared service application
> > that authenticates many other companies. I cant run Windows 2003 AD
> > because Cisco Radius Server not supporting Windows 2003. It is a 1
> > way trust I have setup between the NT4 domain & Windows 2000AD. Few
> > months later, NT4 domain will be upgraded to Windows 2003AD. Do you
> > know if I can setup forest trust between Windows 20003AD &
> > Windows2000AD? Thanks heaps. Rgds, seeker01
> >
> > "seeker01" wrote:
> >
> >> Thanks Dean. this is so disappointing. I was obviously misled by
> >> technet artilce "managing trusts".
> >>
> >> "Dean Wells [MVP]" wrote:
> >>
> >>> seeker01 wrote:
> >>>> Hi,
> >>>> Does windows 2000 active directory allow to establish trust between
> >>>> forest? or is there a trick to allow that ??? Thanks.
> >>>> Seeker01
> >>>
> >>> No, domain to domain trusts between forests (uswa NTLM for
> >>> authentication and is non-transitive) are supported but that doesn't
> >>> equate to the two entire forests trusting one another. It is
> >>> supported with Windows Server 2003 (uses Kerberos for
> >>> authentication and is transitive between the domains in either
> >>> forest) assuming something known as the "forest functional level"
> >>> is set to Windows 2003 Native.
> >>>
> >>> --
> >>> Dean Wells [MVP / Directory Services]
> >>> MSEtechnology
> >>> [[ Please respond to the Newsgroup only regarding posts ]]
> >>> R e m o v e t h e m a s k t o s e n d e m a i l
>
> Again, no ... but this is almost certainly a question of terminology and
> nothing more at this point. You CAN create a trust (near identical to
> the one you currently have) between a single domain in the 2000 forest
> and a single domain in the proposed 2003 forest. If either forest has
> more than one domain and trust relationships are required for those also
> then you'll need to create additional trust relationships.
>
> PS - Does the RADIUS server you're using impose a requirement that it
> MUST run on a Domain Controller?
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
>
>