07-18-2008 09:31 AM
Hi,
I successfully configured NTLMSSP using a single domain (abc.com).
Now, i want to add another 2 domains , both domains are trusted in the same forest...so theres no problem with the query via directory.
Is this possible?
I can just add another NTLM REALM for those domain..
hope someone can enlighten me.
kira
07-18-2008 03:57 PM
Kira,
You can only configure a single NTLM realm in the WSA, but as long as there are trusts in your AD forest, users in other domains should still be able to authenticate correctly.
Example:
WSA is configured to join the domain "COMPANY". The COMPANY domain has two way trusts configure with the domain "SECONDARY".
When a user in the SECONDARY domain authenticates to the WSA, it will sends the appropriate credentials (SECONDARY\user1). The WSA will pass these credentials to the AD server we have joined (in the COMPANY domain).
Since the COMPANY AD server trusts the SECONDARY domain, it will contact the other domain controllers and authenticate the client.
You can authenticate to any number of domains as long as the AD server / domain we're joining has the trust setup and is able to authenticate other domain's users.
07-25-2008 11:20 AM
Hi Josh,
Yup..i was able to make it work.....thanks..
07-25-2008 04:00 PM
Great! Everynow and then I'm right about something :wink:
08-02-2008 11:57 AM
The problem now would be a single sign on using the 3 domains...unfortunately..i can only create 1 ntlmssp....
How do you guys manage to configure SSO with 3 domains..
anyone?
thanks,
kira
08-04-2008 04:42 PM
My understanding is that SSO will work with any of the domains that have 2 way trust setup. You will still have to setup the environment for SSO, such as setting the "Redirect Hostname" to a single word hostname.
You may have to add a trust variable in the Firefox browser.
08-19-2008 03:57 PM
Hi,
Just curious about LDAP authentcation issue in WSA. If the two domain did not trust each other. The authentication will it works or not?
How to resolve this issue?
08-20-2008 04:00 PM
I don't believe the trusts will have any effect on LDAP.
It's possible that one AD server may use an LDAP referral to query the appropriate AD server (for the other domain you are attempting to auth with), but I'm not sure that is how it works.
Any one else have concrete information? I'm curious as to why you would want to use LDAP with a multi domain environment. NTLM is better in every way (password from the client is secure, Kerberos between the WSA and DC, Single Sign On, Ease with authenticating to multiple domains, so forth.)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: