cancel
Showing results for 
Search instead for 
Did you mean: 

One users using two realms

meh_
Frequent Contributor

One users using two realms

Hi,

I'm at a loss what is going on so thought I'd check if I'm missing somthing. I have two realms created which are linked to two different urls. They are for host checking and one is a realm for Windows users and the other is for Mac users. Windows and Mac users go through their respective urls. There is a particular user who usually users a Mac and she goes through the Mac realm and it works fine. But she is now trying to go through the Windows realm on a Windows computer, but for some reason it tries to load the Mac realm and therefore fails. I have double checked to ensure she is going to the correct url and she is. I have checked the logs and I can clearly see the wrong realm is being used. I'm at a loss as to why it is trying to using the Mac realm when she is going through the Windows url. No other Windows user has a problem logging into the Windows realm.

Am I missing something here?

Thanks

Message Edited by meh on 04-30-2009 11:43 PM
7 REPLIES 7
firewall72_
Frequent Contributor

Re: One users using two realms

Hi,

What are the differences between the mac and windows realms? Do they map the same resources? When she logs into windows, do her macintosh resources get mapped? I would run a Policy Trace (Maintenance, Troubleshooting, User Sessions, Policy Tracing) on her account/realm and ask her to login and test. Just make sure you select the options that match her resources, then hit the start recording button. When the user is done testing, stop the recording and have a look. This should shed some light on what is the problem. Keep me posted.

-John

meh_
Frequent Contributor

Re: One users using two realms

The differences between the two realms is the way the host checkers operates. In the Windows realm it checks for an active and up to date antivirus. In the Mac realm it basically just checks if it is a Mac (looks for a running process). That's the only difference between the two. As I do the Host checking at the resource level, I have created duplicate resources with different host checker settings, one for Mac and one for Windows. The particular url that go through determines which realm they use, and which resources they can map too.

I ran a Policy trace and I can clearly see that the user is going through the Mac realm, but I can't see why when I am being assured that they are using a Windows computer and going through the Windows realm (based on the url they are going through)

Hope that makes sense.

Message Edited by meh on 05-02-2009 11:16 PM
firewall72_
Frequent Contributor

Re: One users using two realms

Hi,

That is very odd. Based on what you've added, I don't see why you would need two different Realms. Typically, these are used to isolate companies or contractors from employees. A single Realm and HC Policy could support different HC options/policies for Windows, Macintosh, and Linux. You would just use the Tabs when defining the options. I would try to import your mac settings into the Windows realm and test.

-John

meh_
Frequent Contributor

Re: One users using two realms

I think I created two realms as I couldn't use my existing roles for the Mac's as we use the cache cleaner and this didn't work with the Mac OS. So I had to configure additional roles that didn't use the cache cleaner.

So I thought it was easier to have another Realm with mapping to the new Mac roles that I created. This has worked well in the past, I just don't know why it's not working with this particular user.

firewall72_
Frequent Contributor

Re: One users using two realms

Hi,

As, I see. We launch Cache Cleaner at the Realm level and require it for specific Windows Roles. This allows the Macintosh systems to skip it at the Realm since it's not required. If possible, maybe you could share the policy trace logs so we can have a further look. This is a difficult issue to troubleshoot without seeing what the SA is doing.

-John

jayw414_
New Contributor

Re: One users using two realms

Hi, meh -

Is it possible that it has to do with the way roles are mapped for each of the realms?

Maybe she is still mapping to the Mac role because she is (as an example) in the macusers_corp group.

Is she being mapped to the same exact role set as Windows users when she logs onto the Windows realm?

Hope this helps.

- Jay

ruc_
Regular Contributor

Re: One users using two realms

In the policy trace log if the value of "Sign-in URL = " does match the windows realm related sign in URL and the user still gets a MAC realm then I would open a JTAC case along with policy trace, user access logs and SSL dump captured on the interface the user is trying to log into.