I am experiencing a problem with my SSL VPN solution. I have both an SA and RSA setup for 2 factor authentication. I have 2 domains, domain A and domain B. Domain A resides in building A and domain B resides in building B.
Users from both domains connect to our SSL VPN. We have all of the user information coming from our Active Directory - specifically, domain A. The problem I am having is - users in domain B cannot log in to the SSL VPN. We had to set up users in domain B on domain A (and have 2 accounts - 2 points of maintenance) - and this works.
My questions are:
1. If domain A and domain B are trusted domains, shouldn't users in domain B be allowed to sign into the SSL VPN using their domain B credentials?
2. Currently, when these users (from domain B) connect to our SSL VPN using their domain A credentials, they seem to lose their credentials somewhere along the way. They have problems accessing network shares and things of this matter. They are prompted for their username and password again. Could this have to do with the fact that they are logged into their PC using 1 set of credentials and the SSL VPN as another?
I hope this makes sense and was the proper place to post this question.
User has to use the prefix of the second domain to log in, like domain2\user.
Otherwise you could use IAS Radius with Radius Proxy to authenticate / authorize users of different domains, no matter if they have a trust relationship or not. Maybe this is more stable and scalable for future needs.
That's how I do it - use IAS with Radius Proxy configured.
You will need IAS for each domain; you can even install IAS easily on the domain controller.
Configure Radius Proxy with connection policies in IAS.
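
The routing decision behind the domain prefix and the connection policies mentioned above, as an added sketch that is not part of the posts and not IAS code: an ordered list of policies is matched against the RADIUS User-Name, and the first match decides whether the request is forwarded to the other domain's server or authenticated locally. The names `DOMAINB`, `domainb.example` and `domainB-ias` are hypothetical placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Policy:
    name: str
    user_name_pattern: str       # regex tested against the RADIUS User-Name
    forward_to: Optional[str]    # hypothetical server group; None = authenticate locally


# Constructed policy list for the two-domain case in this thread.
# Order matters: the catch-all must be last or it shadows the domain B rules.
POLICIES = (
    Policy("Domain B (prefix)", r"^DOMAINB\\", "domainB-ias"),
    Policy("Domain B (UPN)", r"@domainb\.example$", "domainB-ias"),
    Policy("Default (domain A)", r".*", None),
)


def route(user_name: str, policies: Sequence[Policy] = POLICIES) -> Tuple[Optional[str], str]:
    """Return (policy name, destination) for the first policy that matches."""
    for policy in policies:
        if re.search(policy.user_name_pattern, user_name, re.IGNORECASE):
            return policy.name, policy.forward_to or "local"
    # No policy matched: refuse the request instead of guessing a domain.
    return None, "reject"


if __name__ == "__main__":
    for name in (r"DOMAINB\alice", "carol@domainb.example", "bob"):
        print(f"{name!r:28} -> {route(name)}")
```

A bare username with no prefix falls through to the default policy and is checked against domain A only, which is why domain B users have to type the prefix.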