Re: Trouble Authenticating users from trusted domains


From: Troubled Mike (TroubledMike_at_discussions.microsoft.com)
Date: 01/07/05


Date: Fri, 7 Jan 2005 06:07:03 -0800

That is the problem. We can only pass a maximum of 2 Domains.

We have a new ERP system that can either authenticate with its own user
database or we can set it up to authenticate via Active Directory. We would
much prefer authenticating via Active Directory as it makes Administration
much easier. In order to set that up, we must edit a properties file from
the application. This file allows you to specify 2 Domain Controllers, or
you can specify LDAP. If you specify an LDAP server, these are the
parameters that you can pass:
# comments out the line.

# Logon properties for LDAP/AD
#type:I
dir.logon.ldap.server=
dir.logon.ldap.port=
dir.logon.ldap.top=
dir.logon.ldap.prefix=
dir.logon.ldap.sufix=

Keep in mind that this will work just fine if we are only authenticating a
single Domain's users. The problem comes in because we are a WorldWide
company and have several child and trusted domains.

"ptwilliams" wrote:

> No, that's the problem - without a DN it won't.
>
> You'll need to 'aim' the request at the appropriate DC.
>
> Can you pass the domain?
>
> Perhaps if you can explain a little more what you are trying to achieve we
> can better assist?
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Troubled Mike" <TroubledMike@discussions.microsoft.com> wrote in message
> news:89235423-ED9A-4086-B091-D39D713F8257@microsoft.com...
> I have run these commands and they were successful. Should the Domain
> Controllers from the site that this application is located pass the username
> on to the proper child domain? Even without a Domain identifier?
>
> "ptwilliams" wrote:
>
> > In order to successfully logon, you must be able to resolve the _ldap SRV
> > records.
> >
> > Ensure that the dsGetDc call is successful by either running nltest
> > /dsgetdc:domain-name.com or netdiag /test:dsgetdc
> >
> >
> > > Is there a way or how can Active Directory or LDAP search all of my
> > > domains, both parent and child, for the username to authenticate?
> >
> > If you're using an LDAP query this is possible through the use of crossRef
> > objects and LDAP referrals. Although in order for this to work you must
> > pass the full DN of the domain. If you don't pass the DN, then you'll need
> > to pass additional info., such as domain name, etc.
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net/
> > http://forums.msresource.net/
> >
> > "Troubled Mike" <Troubled Mike@discussions.microsoft.com> wrote in message
> > news:E472A4BC-DED2-472F-B4D0-A7AAE7FCACCA@microsoft.com...
> > I have an ERP application that can authenticate users from Active Directory
> > or LDAP. The problem that I am having is that it does not appear that any
> > domain information is passed to my DCs or LDAP Server. For example, I can
> > login and authenticate just fine in the parent domain, but when I try to
> > login as a user from the child domain, the authentication fails. The only
> > login information that is entered is the user name, i.e. sjones. Is there a
> > way or how can Active Directory or LDAP search all of my domains, both
> > parent and child, for the username to authenticate?
> >
> >
> >
>
>
>
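
The point made in the thread above (a bare user name such as sjones carries no domain, so the lookup has to be aimed at the right domain by name or DN) as an added example, not part of the original posts and not the ERP product's code. The domain names, the NetBIOS table and the function names are constructed assumptions; the filter value is escaped per RFC 4515 because it comes from the login form.

```python
# Constructed sample forest: NetBIOS name -> DNS domain name (assumed values).
NETBIOS_TO_DNS = {"CORP": "corp.example.com", "EMEA": "emea.corp.example.com"}
# A bare "sjones" can only ever be looked up here, which is why child-domain
# users fail when the application passes no domain information.
DEFAULT_DOMAIN = "corp.example.com"


def domain_to_dn(dns_name):
    """corp.example.com -> DC=corp,DC=example,DC=com"""
    return ",".join("DC=" + label for label in dns_name.lower().split("."))


def escape_filter(value):
    """RFC 4515: escape NUL, '(', ')', '*' and '\\' as a backslash plus two hex digits."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def resolve_login(login):
    """Accept 'EMEA\\sjones', 'sjones@emea.corp.example.com' or bare 'sjones'
    and return where the lookup must be aimed."""
    if "\\" in login:
        netbios, user = login.split("\\", 1)
        domain = NETBIOS_TO_DNS.get(netbios.upper())
    elif "@" in login:
        # Assumption: the UPN suffix equals a domain DNS name; suffixes that
        # are not in the known table are rejected rather than guessed.
        user, suffix = login.rsplit("@", 1)
        domain = suffix.lower() if suffix.lower() in NETBIOS_TO_DNS.values() else None
    else:
        user, domain = login, DEFAULT_DOMAIN
    if not user or domain is None:
        raise ValueError("unknown domain or empty user name")
    return {
        # DC locator record that nltest /dsgetdc resolves for this domain
        "srv_record": "_ldap._tcp.dc._msdcs." + domain,
        "search_base": domain_to_dn(domain),
        "filter": "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter(user),
    }


if __name__ == "__main__":
    for sample in ("sjones", "EMEA\\sjones", "sjones@emea.corp.example.com"):
        print(sample, "->", resolve_login(sample))
```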


