Trusts or A better Way?

I currently run a hosting service and some of our customers wish to use their domain accounts to login to our servers.  Sounds like fun so here we go.

I have created a VPN connection from our site to theirs and have setup a server at our site and added it to their domain so it now contains a DNS server and a copy of their AD.

This part is working fine.

My network is 10.0.2.0/24 and theirs is 10.10.0.0/16 so for the VPN I created a 3rd NIC in my firewall with 172.16.0.0./29 on it and used this to link the VPN tunnel so right now their DC in my build has 2 NICS 172.16.0.1 (this is the link to their side) and 10.0.2.230 link to myside.

I did get the trust setup and working and was able to add groups from their domain to mine and they could login.  Now I need to add more groups from their side to mine and it will not let me.  I does not prompt me to login to their domain any more.

Was it just a fluke that this worked?  Since I have a pfSense firewall with 3 NICS (WAN, LAN [10.0.2.0] and OPT1 [172.16.0.0]) which is cabable of routing between NICS do I need the 10.0.2.230 address (and second NIC) in their AD box (there by creating a dual home DC) or should I just try to setup routes from their server of 172.16.0.1 into my 10.0.2.0/24 network?

Is there a better way to do this?  I have more customers that want to do the same and I see this getting to be very over whelming very fast.
RJLemonAsked:
Who is Participating?
 
RJLemonConnect With a Mentor Author Commented:
I now have this working correctly.  It seemed to be a DNS issue.
0
 
smartsidCommented:
Hi RJLemon,
I have a question for you. What type of Active Directory trust did you create? Is it bi-directional ?
0
 
RJLemonAuthor Commented:
It is a one way trust.  I want to trust their users coming in but no one from my home domain should be trusted on their side.
0
 
smartsidCommented:
Can you verify and validate the trust using domain.msc ? If not what is the error message you get.
If trust is verified, you can assign permissions to Universal groups from their domain, in your own domain.
0
 
WhackAModCommented:
Starting closing process on behalf of the asker.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.