Solved

How to enable authentication for external users from a partner domain via CPPM (Radius)/AD

Posted on 2014-08-22
Last Modified: 2014-08-27
Hi Experts

We need to authenticate users from an external domain called DomainB via CPPM (Radius)/AD. How can we do it? There is no relationship between our domainA and the external domain [DomainB].

Our forest/domain functional level is 2003.

For DomainA users we have the following CPPM config:

General:

Name:      AD-SourceDomainA
Description:      China AD Servers
Type:      AD
Use for Authorization:      Enabled
Authorization Sources:      -



Primary:

Hostname:      dc01.domainA.com

Connection Security:      None
Port:      389
Verify Server Certificate:      true
Bind DN:      svc-cppm@domainA.com

Bind Password:      ********
NetBIOS Domain Name:      domainA
Base DN:      dc=domainA,dc=com
Search Scope:      SubTree Search
LDAP Referrals:      false
Bind User:      true
User Certificate :      userCertificate


Attributes:

Filters:
1. (&(sAMAccountName=%{Authentication:Username})(objectClass=user))
2. (distinguishedName=%{memberOf})
3. (&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
4. (&(sAMAccountName=%{Onboard:Owner})(objectClass=user))
5. (distinguishedName=%{Onboard memberOf})



Backup 1:

Hostname:      dc02.domainA.com

Connection Security:      None
Port:      389
Verify Server Certificate:      true
Bind DN:      svc-cppm@domainA.com

Bind Password:      ********
NetBIOS Domain Name:      DomainA
Base DN:      dc=domainA,dc=com
Search Scope:      SubTree Search
LDAP Referrals:      false
Bind User:      true
User Certificate :      userCertificate



Thanks,
Question by:Jerry Seinfield

Author Comment

by:Jerry Seinfield
ID: 40280016
Any updates?

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 40280156
Since there is no trust relationship, how do you plan on authenticating the users' credentials? You have to have a way of authenticating domain B from domain A. Federated trust may work for you, but domain B must also be set up to get/send the tokens.

Author Comment

by:Jerry Seinfield
ID: 40280480
Thanks David,

Assuming that we can create a two-way trust relationship, can you please advise on all steps required to complete this task? Please provide as much detail as you can.