My two-way trust with selective auth seems to behave opposite to a one-way trust

Solution 1:

You have to allow authentication on the computer objects you want to allow logins from the external domain. You can do it computer by computer, or you can set the permission in the OU that contains the computer objects.

What I would suggest is the following. In domain A, create a local group; in domain B, create a global group.

Make the global group in domain B a member of the local group in domain A.

Right-click on the OU containing the systems you want to allow and select Properties. In the Security tab, click Advanced.

Add the domain local group and select the "Allowed to authenticate" checkbox.

This will allow any users from domain B who are members of the global group to sign in to the systems you've designated.
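The steps in Solution 1 scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original answer. The domain names, OU path and group names are placeholders, and scoping the permission to descendant computer objects is an assumption about how the ACE should apply; run it from a domain A session with rights to create groups in both domains.

```powershell
# Added example: all names below are placeholders (assumptions), not values from the page.
Import-Module ActiveDirectory

$DomainA         = 'a.example'                    # trusting (resource) domain
$DomainB         = 'b.example'                    # trusted (account) domain
$TargetOU        = 'OU=Servers,DC=a,DC=example'   # OU holding the computer objects
$LocalGroupName  = 'DL-AllowedToAuth-FromB'
$GlobalGroupName = 'GG-DomainA-ServerUsers'

# Step 1: domain local group in A, global group in B.
New-ADGroup -Name $LocalGroupName  -GroupScope DomainLocal -GroupCategory Security -Server $DomainA
New-ADGroup -Name $GlobalGroupName -GroupScope Global      -GroupCategory Security -Server $DomainB

# Step 2: nest B's global group inside A's domain local group.
$globalGroup = Get-ADGroup -Identity $GlobalGroupName -Server $DomainB
Add-ADGroupMember -Identity $LocalGroupName -Members $globalGroup -Server $DomainA

# Step 3: grant "Allowed to Authenticate" on the OU to the domain local group.
$localGroup    = Get-ADGroup -Identity $LocalGroupName -Server $DomainA
$allowedToAuth = [Guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'  # Allowed-To-Authenticate extended right
$computerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the computer class

$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $localGroup.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $allowedToAuth,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $computerClass)   # inherit only onto computer objects below the OU

$ouPath = "AD:\$TargetOU"          # AD: drive is bound to the current (A) domain
$acl = Get-Acl -Path $ouPath
$acl.AddAccessRule($ace)
Set-Acl -Path $ouPath -AclObject $acl

# Review: list every principal holding the right on this OU, so unexpected
# grants are visible alongside the one just added.
(Get-Acl -Path $ouPath).Access |
    Where-Object { $_.ObjectType -eq $allowedToAuth } |
    Select-Object IdentityReference, AccessControlType, InheritanceType, IsInherited
```

Membership of the global group in domain B is now the only thing that decides who can authenticate to these computers, so changes to it are worth auditing in domain B.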