Forum Discussion
APM + Active Directory Trusts
have tried split domain from username and cross domain support and various combinations thereof. Ended up with all kinds of strange combinations in the logs like:
I think the results were something like the following.....
Split Domain From UserName Enabled / Cross Domain Support Disabled:
2013-11-14 19:47:53 Username 'child\user2' Common 2013-11-14 19:47:53 AD module: authentication with '' failed: Client '[email protected]' not found in Kerberos database, principal name: user2 2013-11-14 19:47:53 Following rule 'fallback' from item 'AD Auth' to ending 'Deny'
2013-11-14 19:48:13 Username '[email protected]' Common 2013-11-14 19:48:13 AD module: authentication with '' failed: Client '[email protected]' not found in Kerberos database, principal name: user2 2013-11-14 19:48:13 Following rule 'fallback' from item 'AD Auth' to ending 'Deny'
Split Domain From UserName Enabled / Cross Domain Support Enabled:
2013-11-14 20:03:25 Username 'child\user2' Common 2013-11-14 20:03:56 Username 'user2' Common 2013-11-14 20:03:56 Retry Username 'user2' Common 2013-11-14 20:09:15 \N: Session deleted due to user inactivity or errors.
2013-11-14 20:04:34 Username 'child\user2' Common 2013-11-14 20:04:49 \N: Session deleted due to admin initiated termination. Common 2013-11-14 20:04:49 Following rule 'fallback' from item 'AD Auth' to ending 'Deny'
2013-11-14 20:31:12 Username '[email protected]' Common 2013-11-14 20:32:42 Username '[email protected]' Common 2013-11-14 20:32:42 Retry Username 'user2' Common 2013-11-14 20:38:05 \N: Session deleted due to user inactivity or errors.
Split Domain From UserName Disabled / Cross Domain Support Enabled:
2013-11-14 20:34:36 Username 'child\user2' Common 2013-11-14 20:34:36 AD module: authentication with 'child\[email protected]' failed: Client 'child\user2\@[email protected]' not found in Kerberos database, principal name: child\[email protected]@domain.com. Please verify Active Directory and DNS configuration. (-1765328378) Common
2013-11-14 20:34:50 Username '[email protected]' Common 2013-11-14 20:34:50 Retry Username '[email protected]' Common 2013-11-14 20:34:51 AD module: authentication with 'user2\@[email protected]' failed: Client 'user2\@child.airmis.airwave
Basically I just want the user to be able to stipulate the domain and for APM to forward that to the DC.
Seems that in the APM AD config because you have entered the FQFN of 'domain.com' it doesn't understand there may be child domains/trusts.....
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com