Multiple AD's and domains?
Luis Azevedo
labraceta at gmail.com
Mon Jul 27 12:41:25 CEST 2009
On Jul 22, 2009, at 02:22 , Alan DeKok wrote:
> However... they all need to be part of the same AD forest / whatever.
> You CANNOT authenticate to two completely independent AD systems.
> This
> is a fundamental limitation of AD.
Hi,
Well, they don't need to be part of the same forest if you create
simple trusts between the multiple AD's.
But if you have a Forest, this means you will have Transitive Trusts
between the domains. Therefore you can authenticate in every domain
(via ntlm_auth).
Just to emphasize the key requisite is Trusts between domains/forests
and not that they need to be in the same forest.
Cheers,
Luis Azevedo
http://www.braceta.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2496 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090727/325c616b/attachment.bin>
More information about the Freeradius-Users
mailing list