Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 6688 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bypass blocking doesn't work for backend groups?

FormerMember
FormerMember
Hi - I searched and didn't find this addressed. I'm preparing to allow users to bypass blocking to (for example) YouTube. I created a group in AD, created a matching group name in the Astaro and specified "remote" authentication. When I place a user in the AD group, and they try to unblock the URL, it gives them "Invalid username and password." However, if I create a matching user on the Astaro and specify "remote" authentication, it lets them log in and bypass the URL. Is there some "trick" to getting groups to do the same thing? I've tried this with the "backend sync" both selected and deselected.
Thanks!


This thread was automatically locked due to age.
Parents
  • 0
    Well, if your DCs are configured correctly, they will perform this function automatically for domain authentication requests.  I'm not an MCSE, so I can't give you detailed instructions on how to accomplish this, but I know that that's how Astaro expects to see things.

    If you suspect that you do have your trust relationships correctly configured, you might try to replace the Availability Group with a simple Host definition for the "nearest" DC, being sure to leave 'Interface: >' instead of binding this (or any Host/Network!) defintion to a specific interface.

    Cheers - Bob
Reply
  • 0
    Well, if your DCs are configured correctly, they will perform this function automatically for domain authentication requests.  I'm not an MCSE, so I can't give you detailed instructions on how to accomplish this, but I know that that's how Astaro expects to see things.

    If you suspect that you do have your trust relationships correctly configured, you might try to replace the Availability Group with a simple Host definition for the "nearest" DC, being sure to leave 'Interface: >' instead of binding this (or any Host/Network!) defintion to a specific interface.

    Cheers - Bob
Children
No Data