I have a web server in a DMZ. We can access web pages on the web server from the internal net and the web server can see a database server on the internal side. The web server can ping the DC, but windows authentication does not work. I need to be able to browse files on the web server in the DMZ. I added the web server to the domain prior to putting it in the DMZ.
access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.240.0 172.31.4.0 255.255.255.0
access-list DMZ_outbound extended permit ip host 172.31.4.127 host 10.4.0.12 (IP of DC)
Is there something else i need to add so that the web server in the DMZ can authenticat to the DC?
Just FYI, it is considered poor design to try and have a domain member server in a DMZ. There are several holes you have to open directly to your DCs which can be seen as a security risk.
You can accomplish being able to access files on the DMZ webserver from the internal network without joining the domain. I have the same setup and just created a local user on the webserver that we use to open the folders.