21.3 Accessing Files in Another Domain

In Active Directory, there is often a need to share resources between domains. This is accomplished by establishing an inter-domain trust relationship between the domains.

Because DSfW is designed to emulate the Active Directory domain model, it might be necessary to establish trust relationships between DSfW domains in the same eDirectory tree.

  • When you install subsequent domains in an existing eDirectory tree, you have the option of specifying a parent domain for the child domain you are creating. If you do this, an inter-domain trust is automatically configured between the parent domain and the child domain.

  • If you want users to be able to access files in two DSfW domains in the same tree, but the two domains do not have a parent-child relationship, you must use MMC to establish a trust relationship between those two domains. After the trust is established, users in one domain can access shares in another domain. For more information, refer to OES Domain Services for Windows in the OES 2018 SP3: NSS File System Administration Guide for Linux.

You can also use MMC to set up cross-forest trusts between a DSfW domain and an Active Directory domain. After this is done, you can create a share on a Windows server in the Active Directory domain and DSfW users can map a drive to that share and access the files on the Windows server.

With DSfW, you can establish an cross-forest trust between a DSfW domain and an Active Directory domain and thereby allow provisioned users to access files on servers in the Active Directory domain.

NOTE:It is not possible to set up cross-forest trusts between DSfW domains in different eDirectory trees. OES services cannot grant access to users in one tree from another tree.

NOTE:In this release of DSfW, bidirectional trusts are supported, but resource access is not supported. DSfW users can access servers in an Active Directory domain, but it is not possible for users in an Active Directory domain to access servers in a DSfW domain.

Also, in this release, it is not possible to share print resources between a DSfW domain and an Active Directory domain.

For more information on trust relationships, refer to Section 19.0, Managing Trust Relationships in Domain Services for Windows.