
Question

Will License Manager authenticate over NTLM from a sub domain (Kerberos is not possible)?

asked on February 26, 2014

Hi folks,

I have a customer who runs their test environment in a sub domain, but due to an early misconfiguration of this (many years ago), they have to use NTLM authentication from the sub domain to the parent domain in the AD tree.

Rebuilding their test sub domain is not a possibility, as there are many other systems already implemented.

We would like to install the LM in the TLD, as their production environment (another sub domain) will allow proper pass-through authentication.

This way we can share the user licences properly across the domains.

Can anyone confirm that LM will allow LFS to authenticate AD users using NTLM authentication from a sub domain to a parent domain?

1 0

Answer

SELECTED ANSWER
replied on February 26, 2014

Yes, this should work. There is no Active Directory authentication going on between the Laserfiche Server and the License Manager; the LFS simply needs to retrieve a list of SIDs from the LM, which it does over HTTP. The LFS then handles AD authentication for users connecting to it, first trying Kerberos, then falling back to NTLM if that fails. So your setup should work as long as you don't have any other major oddities in your AD setup.

0 0
replied on February 28, 2014

Thanks Matthew

1 0
replied on February 12, 2015

Just want to update this conversation with the further analysis that happened later on this issue.

Scenario: The production domain where License Manager is installed doesn't trust the test domain where the test Laserfiche server is installed. But the test domain does trust the production domain. So License Manager is unable to add directory users from the test domain.

Workarounds:

1) The production License Manager's domain needs to trust the test domain if you want to be able to add Windows accounts from the test domain as directory named users in the License Manager. Build that trust.

2) Install a separate License Manager in the test domain.

3) Wondering if it is possible to move the License Manager from the production domain to the test domain. What implications will it have? Since the test domain already trusts the production domain, authentication will not be a problem.

0 0
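
The one-way trust described in the scenario above can be confirmed from the License Manager host before attempting to add directory users. This is an added example, not part of the original thread and not Laserfiche code. It assumes the RSAT ActiveDirectory module is installed; the function name, domain name and account name are placeholders, and treating a name-to-SID lookup as the thing License Manager needs is an assumption.

```powershell
# Added example (not Laserfiche code). Run on the License Manager host.
# Assumes the RSAT ActiveDirectory module; names passed in are placeholders.
Import-Module ActiveDirectory

function Test-DirectoryUserResolvable {
    param(
        [Parameter(Mandatory = $true)] [string] $RemoteDomain,   # DNS name of the test domain
        [Parameter(Mandatory = $true)] [string] $SampleAccount   # e.g. 'TEST\sample.user'
    )

    # Trust objects are listed from the point of view of this host's own domain.
    $trust = Get-ADTrust -Filter "Name -eq '$RemoteDomain'"
    $direction = if ($trust) { "$($trust.Direction)" } else { 'None' }

    # Outbound or BiDirectional: this domain trusts $RemoteDomain, so accounts
    # from $RemoteDomain can be resolved and authenticated here.
    # Inbound only: $RemoteDomain trusts this domain, but not the reverse,
    # which is the situation described in the scenario.
    $localTrustsRemote = $direction -in 'Outbound', 'BiDirectional'

    # Try the name-to-SID translation that adding a directory user depends on
    # (assumption: License Manager needs the same lookup to succeed).
    $sid = $null
    $lookupError = $null
    try {
        $account = New-Object System.Security.Principal.NTAccount($SampleAccount)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch {
        $lookupError = $_.Exception.Message
    }

    [pscustomobject]@{
        RemoteDomain      = $RemoteDomain
        TrustDirection    = $direction
        LocalTrustsRemote = $localTrustsRemote
        SampleAccount     = $SampleAccount
        Sid               = $sid
        LookupError       = $lookupError
    }
}

# Placeholder values; replace with the real test domain and a known test account.
Test-DirectoryUserResolvable -RemoteDomain 'test.example.com' -SampleAccount 'TEST\sample.user'
```

A result of `TrustDirection = Inbound` with an empty `Sid` matches the scenario in the post: the test domain trusts production, but production cannot resolve test-domain accounts.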
