So I have Active Directory authentication working except when I enable “Authorize by group membership”.
We are in a single forest with multi-domain configuration. To allow users to authenticate from any domain, we point to our global catalog server on TCP/3268 (3269 for TLS). Our base search is configured for DC=xx,DC=net and we use the UniversalPrincipleName for authentication. This all works.
When I enable the group that we want to match users against, it is in a subdomain DC=yy,DC=xx,DC=net. The Universal group in that domain is set as NET-MGMT-IT-ADM. I’ve tried combinations of NET-MGMT-IT-ADM, YY\NET-MGMT-IT-ADM, & NET-MGMT-IT-ADM@yy without any luck. Kind of stuck, and the only thing killing me at this point.
- The topic ‘Active Directory Groups’ is closed to new replies.