Re: two-way domain trust?

netappmagic · ‎2020-08-17

I wanted to add Domain B as the trusted domain for Domain A? What steps do I have to go through?

1. Create two way trust in Domain A and then Domain B first in Active Directory Domain, right?

2. Use the following command to create the trust on Cluster:

vserver cifs domain name-mapping-search add -vserver vserver_name -trusted-domains FQDN, ...

3. What is the right command to verify?
4. Is there any commands to show if this is one-way or two-way on Cluster, or have to be on AD?

Please help in details. Thank you!

parisi · ‎2020-08-18

You don't really need to do anything in ONTAP to configure a two-way trust. ONTAP discovers the trusts on their own. You can see trusts with:

::> cifs domain trusts show

The domain name-mapping-search command allows you to set preferred trusts:

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-1F2206A7-AE87-4ADC-A75A-198629194B8C.html

domain name-mapping commands are also for when you need to map UNIX LDAP users in two different domains. I cover that in TR-4835 on page 54:

https://www.netapp.com/us/media/tr-4835.pdf

parisi · ‎2020-08-18

As for what kind of trust it is, you can't run a command in ONTAP to see that. You have to see it from AD.

netappmagic · ‎2020-08-18

I don’t seethe expected trusts domain by running the command below. Is this due to only one way relationship not two, or no any trusts created at all? I was told trust is already created. So, I am confused.

::> cifs domain trusts show

Thank you!

parisi · ‎2020-08-18

It should discover it.

If it's not discovering, you can try adding it via the commands you mentioned. Please check the links I posted for more info.

If you're still having issues, you may want to open a support ticket.