Login using domain trust user
We have a domain trust setup between two separate domains. I am able to log in to the DomainB.local servers using the user@DomainA.local account, but when I try to log in to CloudPanel using user@DomainA.local it says “Error: Login failed. Please try again or contact support.” Is there a way to authenticate the other user? Thanks!
–Brian
Brian,
One thing you may be able to try is to make sure that your super admins group is a universal group and not a local domain group. If you are logging in with a security group, it checks the members of that group, so your DC should be able to do a referral.
I don’t see a Super Users Group, but I do have a group policy set up to add the domainB users into the local builtin Administrators group in domainA.
Hi Brian!
CloudPanel wasn’t built with that scenario in mind and it certainly hasn’t been tested so it’s unlikely that would work. We may work something like that in in the future, but it isn’t on the roadmap at this time.
On the admin settings there is a field for putting in the security groups you want to be CloudPanel super admins. Instead of “Domain Admins” put in a security group that is a universal group that works for the entire forest.
Do I need to restart any services or anything after I add another security group to the Super Admins field? I added the security group that contains the other domain’s admins but I’m still unable to log in as those users. I’m probably just missing a step or don’t have something configured correctly.
I just got around to looking into this again for our servers. I’m still not able to authenticate domain trust users across to our CloudPanel domain. Do you have any other ideas to try?
I checked the Security Group set up in our CloudPanel domain, and it is a Domain Local group. When I try to change it to Universal it says “Foreign security principals cannot be members of universal groups.” That same group does allow me to log in to any server on the CloudPanel side, so I know it works correctly with authentication for RDP.
So you created a universal group in the CloudPanel domain and added the users / groups from the other domain to it?
When I create a Universal Group in the CloudPanel domain, it doesn’t give me the option to select the other domain as a location.
That’s the scope that we currently have for the group. When I add it to the admin/settings page for CloudPanel under Super Admins, it doesn’t seem to do anything. Still says “Error: Login failed. Please try again or contact support.” Maybe cross domain login isn’t supported.
We haven’t tried to authenticate users in separate domains based on the Super Admin group, but theoretically it should work because your DC should relay it to the other domains set up for a two-way trust. I can do some tests.
Yeah, I figured it should work as well, seeing as I can use the trust to log in to servers on the CloudPanel side. Thanks for helping out. Let me know if you discover anything.
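An added example, not part of the thread and not CloudPanel's own code: a PowerShell check of the group's scope and of which members are foreign security principals, the object type named in the error message quoted above. The group name is a hypothetical placeholder, and the script assumes the ActiveDirectory (RSAT) module and read access to the CloudPanel domain.

```powershell
# Added example. Assumption: 'CloudPanel-SuperAdmins' is a placeholder,
# substitute the group entered in the Super Admins field.
Import-Module ActiveDirectory

$GroupName = 'CloudPanel-SuperAdmins'

# Scope decides what the group may contain: the thread shows a Domain Local
# group accepting members that a Universal group rejects.
$group = Get-ADGroup -Identity $GroupName -Properties member
'{0}: scope={1}, category={2}' -f $group.Name, $group.GroupScope, $group.GroupCategory

$report = foreach ($dn in $group.member) {
    $obj = Get-ADObject -Identity $dn -Properties objectSid
    $isForeign = $obj.ObjectClass -eq 'foreignSecurityPrincipal'
    $resolved = $null

    if ($isForeign) {
        # A foreign security principal is a SID placeholder object, not a
        # user object. Ask Windows to resolve the SID over the trust.
        try {
            $nt = [System.Security.Principal.NTAccount]
            $resolved = $obj.objectSid.Translate($nt).Value
        } catch {
            $resolved = '<SID did not resolve across the trust>'
        }
    }

    [pscustomobject]@{
        Member      = $obj.Name
        ObjectClass = $obj.ObjectClass
        Foreign     = $isForeign
        ResolvesTo  = $resolved
    }
}

# Rows with Foreign = True are accounts from the trusted domain. They appear
# in the group as SID objects rather than as user objects in this domain.
$report | Format-Table -AutoSize
```

Members listed with `Foreign = True` have no user object in the local domain, so a lookup that searches only the local directory for the login name will not match them even though Windows logon over the trust succeeds.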