  • Status: Solved
  • Priority: Medium
  • Security: Public

SharePoint Authentication between two domains

To the Experts,

I have a question which may be complex. Here is my situation: we are currently running WSS 3.0 and need to upgrade WSS to SharePoint 2010. At the same time, we will be upgrading the servers to Windows 2008 R2 and using SQL Server 2008 R2. This is no problem at all. However, my company has two network domains. One is the main network domain while the other network domain is considered a developmental network for engineers and programmers.

By stating this, the main network is locked down. The other network is more flexible and would not require us to jump through hoops in terms of upgrading the software and hardware. For testing purposes, I set up a test SharePoint 2010, SQL Server 2008, and Win 2008 servers on the development network. The issue that I ran into is when I want to access the SharePoint site or download/upload documents from the main network, I have to use a local computer account (created on the SharePoint server) to access the site.

The current WSS 3.0 site (runs on the main network) uses LDAP for user/group authentication. My question is how or what can I use to possibly integrate LDAP user/group authentication from the main network for the SharePoint 2010 site being hosted on the developmental network? Any suggestions or third-party software that could do this would be great.

Thanks,
Todd
Asked by: thef284

Justin Smith (Sr. System Engineer) commented:
Is there any type of AD trust currently between the Main and Dev domains?

Justin Smith (Sr. System Engineer) commented:
Does the Main SharePoint site truly use an LDAP store for users and groups?  Or do you just mean, it uses Active Directory?

thef284 (Author) commented:
At this moment, there is no AD trust between the two domains. I do not foresee AD trust for these two domains in the future due to the company wanting to keep them separate.

The Main SharePoint site uses AD authentication, not an actual LDAP store. Sorry for not clarifying that info for you.

Besides using AD for authentication, I wonder if there is a way for users to access the site with different credentials, enter those credentials, and then gain entry to sites/libraries based on the permissions specified for that user login? Kind of similar to using a local user account, but instead of having to type in your credentials every time you want to upload/download a file, the credentials are remembered after initial login.

I am grasping at straws right now... :)

Justin Smith (Sr. System Engineer) commented:
Why don't you just create user accounts for people in the Dev domain, and have them use those to log into the 2010 site? The 2010 is just for testing anyways, right? I'm assuming that "Dev" is an Active Directory environment?

The only option you have where users could use their Main credentials to authenticate in 2010 is to set up AD federation between the domains.  Seems way overkill and pointless though.

thef284 (Author) commented:
"The 2010 is just for testing anyways, right?"
Well, for the most part SP 2010 is for testing purposes. However, we will migrate WSS 3.0 to SP 2010 for production purposes starting in December 2012.

We can definitely set up an AD environment for the development network. But, it would be nice to have only one set of user credentials to be used than to make users use one set of credentials for the main network and another for the dev network.

However, this may be the route taken in which we set up an AD environment for the development network which will be used to create 300 user accounts for authentication with SharePoint.

The whole point to move away from the main network is to give us more flexibility and control of the SharePoint web design, functions, and administrative responsibilities such as backing up the SharePoint farm.

I agree that we could set up AD federation, but the company would probably kill this idea since the dev network is considered less secure.

Thanks for your input... this confirms what I was thinking about doing, but wanted to make sure there was not another alternative.