Multiple AD's and domains?

Luis Azevedo labraceta at
Mon Jul 27 12:41:25 CEST 2009

On Jul 22, 2009, at 02:22 , Alan DeKok wrote:

> However... they all need to be part of the same AD forest / whatever.
> You CANNOT authenticate to two completely independent AD systems. This
> is a fundamental limitation of AD.


Well, they don't need to be part of the same forest if you create
simple trusts between the multiple ADs.
But if you have a forest, this means you will have transitive trusts
between the domains. Therefore you can authenticate in every domain
(via ntlm_auth).

Just to emphasize: the key requisite is trusts between domains/forests,
not that they need to be in the same forest.


Luis Azevedo

More information about the Freeradius-Users mailing list