Login using domain trust user  


bchandler
(@bchandler)
Active Member
Joined:1 year  ago
Posts: 15
2017-05-02 14:52  

We have a domain trust setup between two separate domains. I am able to login to the DomainB.local servers using user@DomainA.local account, but when I try to login to CloudPanel using user@DomainA.local it says "Error: Login failed. Please try again or contact support." Is there a way to authenticate the other user? Thanks!

 

--Brian


Rick Fugatt
(@rfugattcompsys-com)
Active Member Admin
Joined:2 years  ago
Posts: 7
2017-05-03 11:52  

Hi Brian!

CloudPanel wasn't built with that scenario in mind and it certainly hasn't been tested so it's unlikely that would work. We may work something like that in in the future, but it isn't on the roadmap at this time.

 


Jacob Dixon
(@jdixon)
Prominent Member Admin
Joined:4 years  ago
Posts: 833
2017-05-03 17:06  

Brian,

One thing you may be able to try is to make sure that your super admins group is a universal group and not a local domain group. If you are logging in with a security group, it checks the members of that group, so your DC should be able to do a referral.


bchandler
(@bchandler)
Active Member
Joined:1 year  ago
Posts: 15
2017-05-04 14:45  

I don't see a Super Users Group, but I do have a group policy set up to add the domainB users into the local builtin Administrators group in domainA.


Jacob Dixon
(@jdixon)
Prominent Member Admin
Joined:4 years  ago
Posts: 833
2017-05-05 17:30  

On the admin settings there is a field for putting in the security groups you want to be CloudPanel super admins. Instead of "Domain Admins" put in a security group that is a universal group that works for the entire forest.


bchandler
(@bchandler)
Active Member
Joined:1 year  ago
Posts: 15
2017-05-08 08:30  

Do I need to restart any services or anything after I add another security group to the Super Admins field? I added the security group that contains the other domain's admins but I'm still unable to login as those users. I'm probably just missing a step or don't have something configured correctly.


bchandler
(@bchandler)
Active Member
Joined:1 year  ago
Posts: 15
2017-12-01 09:46  

I just got around to looking into this again for our servers. I'm still not able to authenticate domain trust users across to our CloudPanel domain. Do you have any other ideas to try?

I checked the Security Group set up in our CloudPanel domain, and it is a Domain Local group. When I try to change it to Universal it says "Foreign security principals cannot be members of universal groups." That same group does allow me to login to any server on the CloudPanel side so I know it works correctly with authentication for RDP.


Jacob Dixon
(@jdixon)
Prominent Member Admin
Joined:4 years  ago
Posts: 833
2017-12-01 11:10  

So you created a universal group in the CloudPanel domain and added the users / groups from the other domain to it?


bchandler
(@bchandler)
Active Member
Joined:1 year  ago
Posts: 15
2017-12-01 11:33  

When I create a Universal Group in the CloudPanel domain, it doesn't give me the option to select the other domain as a location.


Jacob Dixon
(@jdixon)
Prominent Member Admin
Joined:4 years  ago
Posts: 833
2017-12-01 13:54  

You may want to try a Domain Local group.


bchandler
(@bchandler)
Active Member
Joined:1 year  ago
Posts: 15
2017-12-01 14:02  

That's the scope that we currently have for the group. When I add it to the admin/settings page for CloudPanel under Super Admins, it doesn't seem to do anything. Still says "Error: Login failed. Please try again or contact support." Maybe cross domain login isn't supported.


Jacob Dixon
(@jdixon)
Prominent Member Admin
Joined:4 years  ago
Posts: 833
2017-12-01 14:04  

We haven't tried to authenticate users in separate domains based on the Super Admin group, but theoretically it should work because your DC should relay it to the other domains set up for a two-way trust. I can do some tests.


bchandler
(@bchandler)
Active Member
Joined:1 year  ago
Posts: 15
2017-12-01 14:13  

Yeah, I figured it should work as well seeing as I can use the trust to login to servers on the CloudPanel side. Thanks for helping out. Let me know if you discover anything.
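
Added example, not part of any post in this thread and not CloudPanel code: a PowerShell check of the two things the thread keeps returning to, namely the scope of the group entered in the Super Admins field and whether its members from the trusted domain are foreign security principals that still resolve across the trust. The group name is a placeholder, and the script assumes the ActiveDirectory (RSAT) module on a machine in the CloudPanel domain.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder: the security group entered in CloudPanel's Super Admins field.
$GroupName = 'CloudPanel-SuperAdmins'

function Get-GroupTrustReport {
    param([Parameter(Mandatory)][string]$Identity)

    # Read the raw 'member' attribute so that foreign members are listed as the
    # foreignSecurityPrincipal objects stored in this domain.
    $group = Get-ADGroup -Identity $Identity -Properties member

    foreach ($dn in $group.member) {
        $obj       = Get-ADObject -Identity $dn -Properties objectSid
        $isForeign = $obj.ObjectClass -eq 'foreignSecurityPrincipal'
        $resolved  = $null

        if ($isForeign) {
            # A foreign security principal is only a SID placeholder; translating
            # it to DOMAIN\name shows whether the trust can still resolve it.
            try {
                $resolved = $obj.objectSid.Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch {
                $resolved = '<unresolved: trust or name lookup failed>'
            }
        }

        [pscustomobject]@{
            Group           = $group.Name
            GroupScope      = $group.GroupScope   # DomainLocal, Global or Universal
            Member          = $obj.Name
            ObjectClass     = $obj.ObjectClass
            Foreign         = $isForeign
            ResolvedAccount = $resolved
        }
    }
}

Get-GroupTrustReport -Identity $GroupName | Format-Table -AutoSize
```

Rows with `Foreign = True` are members from the other domain; an unresolved entry points at the trust or name resolution rather than at the application reading the group.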

