Showing results for 
Search instead for 
Did you mean: 

Domain Authentication Problem

Occasional Contributor

Domain Authentication Problem

After switching to the Infranet Controllers I see that some users don't send a domain name with their username. The ICs then try to authenticate against the Forest Root using Active Directory but the users are in a child domain and the login fails. Hardcoding a domain\username solves the problem but is for obvious reasons not practical.

Has anyone else come across this problem?


Ø"Re: Domain Authentication Problem"

Solution-1(simple and strainght forward): Use Kerberos SSO(this works only using OAC and if end-point is joined to domain):-

if the users are logging into IC(using OAC) from an end-point which is joined to domain and user logged into PC as a domain user:

  1. Configure Forest root's domain controller as AD Auth server in IC and give root domain's admin username password in auth server config and enable "Allow Trusted Domains" setting in Auth server config on IC.
  2. Configure your realm to use this AD Auth Server for authentication and make sure 'Enable SSO' checkbox is checked under: Users->User Realms-> your realm-> Authentication Policy -> SSO tab in Admin UI. note that your relam is realm name that you are using for user authentication.
  3. Now login to a computer (as a domain user) which is part of domain(either root or child domain) and start OAC and click on 'connect to infranet controller' checkbox.
    Now you will be logged into IC as same user who is logged into the domain computer. no need to mention any domain prefix for username. leave the username field as it is and set the password setting in OAC profile to 'prompt for password'.

Solution-2(not that easy, requires too much of configuration):-

configure domain controller of each child domain in as a seperate auth server in IC and configure seperate realms one for each child domain and make the realm use respective child domain's domain controller as auth server.

please reply if this not you are looking for.