ntlm_auth authentication against multiple ADS domains
Gaddis, Jeremy L.
jeremy at linuxwiz.net
Fri Feb 9 05:28:49 CET 2007
On Thu, 8 Feb 2007, Dow, Corey wrote:
> up, and I have it working with a single ADS domain. The problem I've
> encountered is performing authentication against multiple ADS domains using
> ntlm_auth.
>
> ADS Parent domain netidm.net
> ADS Child domain xyz.abc.com
Are you actually trying to authenticate to domains in separate forests
(e.g. netidm.net and abc.com) or are you trying to authenticate to both a
parent and child domain in the same forest (e.g. abc.com and
child.abc.com)?
> If I join to abc.com using net ads join, I can use ntlm_auth with no
> problems, but how do I perform authentications against xyz.abc.com ?
If these domains are in separate forests, you'll need an explicit trust
between the two forests. In the domains are in the same forest, there's
an implicit trust between them already.
Have you tried the reverse (joining child.abc.com and authenticating users
in abc.com)? Not saying that would work, just curious.
Any hints in the kerberos logfiles?
> Corey Dow
> Network Solution's Test Center
> ProCurve Networking by HP
Nice products. =) Any chance you could mail me (off-list) directions for
disabling the password on a 9308m from the console (password is lost and I
keep forgetting how). I've bothered ProCurve support enough. =)
Thanks,
-j
--
Jeremy L. Gaddis, MCP, GCWN jeremy at linuxwiz.net
LinuxWiz Consulting http://linuxwiz.net
More information about the Freeradius-Users
mailing list