In ASG version 7 before upgrading to version 8 we had users authenticating to active directory via SSO. Astaro was seeing groups and authenticating to both the primary domain and child domain.
1. When you go the SSO you will see it is joined to domain A the child domain is domain B.
2. You will see the server?s astaro is authenticating to. When you test if a user can be authenticated it works and all associated active directory groups are shown for both domains.
3. When you set the proxy profile ad group to user authentication enabled it correctly identifies users and groups in the ccsdnet.local domain and passes credentials correctly.
4. When you turn on user authentication for domain B users get a proxy prompt box asking for their credentials.This does not occur if you join the astaro box to domain B directly but if you do that the users on domain A get the proxy prompt instead. If you type credentials many times it will pass them and website will appear.
5. This behavior did not occur in version 7 of ASG software in the past it was able to talk to both domain controllers and pass SSO correctly regardless of what domain you were in and at the same time I would see users from domain A and domain B authenticating.
HTTP PROXY LOG WHEN USER FROM domain B OPENS IE:
2010:09:24-17:10:49 httpproxy[9813]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xae56d00" function="auth_adir_getgroupsids_callback" file="auth_adir.c" line="789" message="winbindd request failed ()"
If user types in username and password into proxy prompt it will PASS but proxy prompt comes up over and over until all pieces of webpage are loaded.
If user is on domain A primary domain it passes SSO and is logged correct user will not get proxy prompt.
Any ideas? Or is this a possible bug in 8.002
This thread was automatically locked due to age.