APM AD Auth and two AD forests with two way forest trust
Hi, I am not AD or APM expert so probably it's some obvious thing I am missing :-( Setup Two forests domainA and domainB with two way forest trust set. Based on all suggested trust is working OK APM policy with: AD AAA srv set for domainA Logon Page object with Username split enabled AD Auth with Cross Domain and AD AAA Srv mentioned before configured Goal is to use same AAA srv to authenticate users from domainA and domainB against one AAA srv. But it is not working... If user@domainA is entered on logon form everything is OK If user@domainB is entered on logon form authentication fails Looking at traffic between APM and AAA srv I can se that for user@domainB in krb traffic APM sends: cname (or something like taht): user@domainB realm: domainA and AD reply is error So is that APM config error or I am missing something on AD side? Piotr