Login using domain …
 
Notifications
Clear all

Login using domain trust user

13 Posts
2 Users
0 Reactions
13.5 K Views
Posts: 19
Topic starter
Active Member
Joined: 8 years ago

We have a domain trust setup between two separate domains. I am able to login to the DomainB.local servers using user@DomainA.local account, but when I try to login to CloudPanel using user@DomainA.local it says “Error: Login failed. Please try again or contact support.” Is there a way to authenticate the other user? Thanks!

 

–Brian

12 Replies
2 Replies
Admin
Joined: 10 years ago

Noble Member
Posts: 1607

Brian,

One thing you may be able to try is make sure that your super admins group is a universal group and not a local domain group. If you are logging in with a security group it checks the members of that group so your DC should be able to do a referral 

Reply
Joined: 8 years ago

Active Member
Posts: 19

I don’t see a Super Users Group, but I do have a group policy set up to add the domainB users into the local builtin Administrators group in domainA.

Reply
Posts: 1607
Admin
Noble Member
Joined: 10 years ago

Hi Brian!

CloudPanel wasn’t built with that scenario in mind and it certainly hasn’t been tested so it’s unlikely that would work. We may work something like that in in the future, but it isn’t on the roadmap at this time.

 

Reply
Posts: 1607
Admin
Noble Member
Joined: 10 years ago

On the admin settings there is a field for putting in the security groups you want to be CloudPanel super admins. Instead of “Domain Admins” put in a security group that is a universal group that works for the entire forest.

Reply
Posts: 19
Topic starter
Active Member
Joined: 8 years ago

Do I need to restart any services or anything after I add another security group to the Super Admins field? I added the security group that contains the other domain’s admins but I’m still unable to login as those users. I’m probably just missing a step or don’t have something configured correctly.

Reply
1 Reply
Joined: 8 years ago

Active Member
Posts: 19

I just got around to looking into this again for our servers. I’m still not able to authenticate domain trust users across to our CloudPanel domain. Do you have any other ideas to try?

I checked the Security Group set up in our CloudPanel domain, and it is a Domain Local group. When I try to change it to Universal it says “Foreign security principals cannot be members of universal groups.” That same group does allow me to login to any server on the CloudPanel side so I know it works correctly with authentication for RDP.

Reply
Posts: 1607
Admin
Noble Member
Joined: 10 years ago

So you created a universal group in the CloudPanel domain and added the users / groups from the other domain to it?

Reply
5 Replies
Joined: 8 years ago

Active Member
Posts: 19

When I create a Universal Group in the CloudPanel domain, it doesn’t give me the option to select the other domain as a location.

Reply
Admin
Joined: 10 years ago

Noble Member
Posts: 1607

You may want to try a Domain Local group

Reply
Joined: 8 years ago

Active Member
Posts: 19

That’s the scope that we currently have for the group. When I add it to the admin/settings page for CloudPanel under Super Admins, it doesn’t seem to do anything. Still says “Error: Login failed. Please try again or contact support.” Maybe cross domain login isn’t supported.

Reply
Admin
Joined: 10 years ago

Noble Member
Posts: 1607

We haven’t tried to authenticate users in separate domains based on the Super Admin group, but theoretically it should work because your DC should relay it to the other domains setup for a two-way trust. I can do some tests.

Reply
Joined: 8 years ago

Active Member
Posts: 19

Yeah, I figured it should work as well seeing as I can use the trust to login to servers on the CloudPanel side. Thanks for helping out. Let me know if you discover anything.

Reply
Share: