02-23-2015 04:02 AM - edited 03-01-2019 09:13 AM
Hi,
Anyone got a multiple domain config working in 6.2.1? Either I'm being blind or there's a gap in the documentation.
I've got the section for the Client manager but so far I haven't found out if there is an equivalent for the master.
The release notes say it can be done; just not how.
TIA
05-19-2016 07:31 AM
We have the same problem, opened a ticket, and Cisco support found a previous case (I guess it is your case) and fixed it.
The instruction from the Installation PDF is to add "Security.Authentication.Ext.File=user-auth.xml" to the master.props file, then provide your user-auth.xml file.
When we implemented it, we commented out the line "Security.Authentication=ActiveDirectory", because in the multi-domain configuration XML file we have LDAP as an available authentication source as well. After this change, the CM can successfully authenticate from multiple sources, but the Master cannot authenticate from any. Cisco's solution is to add this line back to the master.props file; then at least the primary AD authentication works. We still need to test the others.
05-19-2016 07:37 AM
Hi,
Doesn't sound at first glance like you've actually got a fix. It appears there are partial solutions but nothing complete.
Cheers
05-19-2016 07:45 AM
Correct. I'm working on writing a bug for this now.
05-27-2016 01:13 PM
We authenticate to two different AD domains. Our master.props file looks like this (for the authentication section):
Security.Authentication=ActiveDirectory
ActiveDirectory.Host=corp.domain.com
ActiveDirectory.Port=389
ActiveDirectory.UserSearchPrefix=DC=corp,DC=domain,DC=com
ActiveDirectory.GroupSearchPrefix=DC=corp,DC=domain,DC=com
Security.Authentication.Ext.File=user-auth.xml
And then in the user-auth.xml we have this:
<ext-user-auth>
  <user-auth>
    <name>other</name>
    <desc>Configure AD for user authentication</desc>
    <type>ActiveDirectory</type>
    <host>other.domain.com</host>
    <port>389</port>
    <ad.usersearchprefix>DC=other,DC=domain,DC=com</ad.usersearchprefix>
    <ad.groupsearchprefix>DC=other,DC=domain,DC=com</ad.groupsearchprefix>
  </user-auth>
</ext-user-auth>
Note that our users have to log in using the format of domain\userid.
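A consistency check for the two files in the post above, as an added example that is not part of the original thread and not Cisco tooling. It uses only the keys and elements that appear in the thread; treating `name`, `type`, `host` and `port` as required, and comparing the DC= components of each search prefix with the host name, are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the configuration values posted in this thread.
MASTER_PROPS = """Security.Authentication=ActiveDirectory
ActiveDirectory.Host=corp.domain.com
ActiveDirectory.Port=389
ActiveDirectory.UserSearchPrefix=DC=corp,DC=domain,DC=com
ActiveDirectory.GroupSearchPrefix=DC=corp,DC=domain,DC=com
Security.Authentication.Ext.File=user-auth.xml
"""
USER_AUTH_XML = """<ext-user-auth><user-auth>
<name>other</name><type>ActiveDirectory</type><host>other.domain.com</host><port>389</port>
<ad.usersearchprefix>DC=other,DC=domain,DC=com</ad.usersearchprefix>
<ad.groupsearchprefix>DC=other,DC=domain,DC=com</ad.groupsearchprefix>
</user-auth></ext-user-auth>"""

def parse_props(text):
    """Parse key=value lines, skipping '#' comments; split on the first '=' only."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def dn_matches_host(dn, host):
    """Heuristic (assumption): the DC= parts of a search prefix spell the host's DNS domain."""
    parts = [p.strip() for p in dn.split(",")]
    domain = ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()
    return bool(domain) and ("." + host.lower()).endswith("." + domain)

def lint(props_text, xml_text):
    """Return a list of findings for one master.props / user-auth.xml pair."""
    props, findings = parse_props(props_text), []
    for key in ("Security.Authentication", "Security.Authentication.Ext.File"):
        if key not in props:  # the thread reports Master logins failing without the first key
            findings.append(f"master.props: {key} missing or commented out")
    sources = [("master.props", props.get("ActiveDirectory.Host", ""),
                [props.get("ActiveDirectory.UserSearchPrefix"), props.get("ActiveDirectory.GroupSearchPrefix")])]
    for ua in ET.fromstring(xml_text).iter("user-auth"):
        f = {c.tag: (c.text or "").strip() for c in ua}
        for tag in ("name", "type", "host", "port"):
            if not f.get(tag):
                findings.append(f"user-auth '{f.get('name', '?')}': <{tag}> missing or empty")
        sources.append((f"user-auth '{f.get('name', '?')}'", f.get("host", ""),
                        [f.get("ad.usersearchprefix"), f.get("ad.groupsearchprefix")]))
    for label, host, dns in sources:
        for dn in dns:
            if dn and not dn_matches_host(dn, host):
                findings.append(f"{label}: search prefix {dn!r} does not match host {host!r}")
    return findings
```

`lint(MASTER_PROPS, USER_AUTH_XML)` returns an empty list for the posted configuration; commenting out `Security.Authentication` or pairing a search prefix with the wrong host produces findings.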