Kerberos realm vs NT domain
WAGHORN, Jason (NHS BORDERS)
j.waghorn1 at nhs.net
Fri Jan 18 10:59:51 CET 2019
Hi
As I said - if I can get it working for the 95% then I can arrange the relocation of the 5% to the same AD container - that leaves the outstanding issue of making sure that it's attempting to authenticate against the correct AD container... which is the part I still cannot fathom.
So - Kerberos/RADIUS realm is example.com, users are in a.example.com - everything I see looks like when user at example.com attempts to authenticate via RADIUS that it pushes that same user/example.com combination towards AD for authentication and not the desired user/a.example.com so it fails.
I suppose I could republish the RADIUS realm to match the domain but I've couched it in terms of "example.com" because the realm is already embarrassingly long (and cumbersome for users to enter) and the container where the users live makes that even more embarrassingly long.
Apologies if the terminology is incorrect - I am trying to learn here.
Cheers
Jason
********************************************************************************************************************
This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.
NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.
For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail
More information about the Freeradius-Users
mailing list