Does anyone know how to configure SSO in a multi-domain AD environment, using the Global Catalog?
I ran through the configuration process, using port 3268 (Global Catalog) instead of 389 (LDAP). Connectivity and authentication work fine and allow users from multiple domains to authenticate. I then configured the Kerberos SSO by creating the XMPP user in the Root domain. The results are mixed. Users from the Root domain are able to log in using SSO but users from any of the sub (child) domains cannot. I tried defining the multiple domains in the krb5.ini sections as shown below, but that did not seem to help.

[realms]
ZEVEL.CORP = {
    kdc = imsdc03.zevel.corp
    admin_server = imsdc03.zevel.corp
    default_domain = zevel.corp
}
AUBURNHILLS.ZEVEL.CORP = {
    kdc = imsdc04.auburnhills.zevel.corp
    admin_server = imsdc04.auburnhills.zevel.corp
    default_domain = auburnhills.zevel.corp
}
[domain_realms]
zevel.corp = ZEVEL.CORP
.zevel.corp = ZEVEL.CORP
auburnhills.zevel.corp = AUBURNHILLS.ZEVEL.CORP
.auburnhills.zevel.corp = AUBURNHILLS.ZEVEL.CORP

Any ideas / help would be appreciated.
Thanks.
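
A structural check for the krb5.ini sections posted above, as an added example that is not part of the original post: it flags section headers that are not documented krb5.conf names (the host-to-realm section is documented as `[domain_realm]`, singular) and realms that end up with no mapping. The function names and the abridged sample are constructed for illustration, and the check does not by itself establish the cause of the child-domain SSO failures.

```python
import re

# Section names documented for MIT krb5.conf; assumed to apply to krb5.ini too.
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths",
                  "appdefaults", "plugins", "logging"}

# Constructed sample: the posted sections, abridged to kdc and suffix mappings.
POSTED = """[realms]
ZEVEL.CORP = {
kdc = imsdc03.zevel.corp
}
AUBURNHILLS.ZEVEL.CORP = {
kdc = imsdc04.auburnhills.zevel.corp
}
[domain_realms]
.zevel.corp = ZEVEL.CORP
.auburnhills.zevel.corp = AUBURNHILLS.ZEVEL.CORP
"""

def parse_krb5(text):
    """Return {section: {key: value or nested dict}} for krb5.ini text."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(\S+)\]", line)
        if m:                                   # new [section] header
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":                       # end of a realm block
            block = None
        elif section is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":                    # start of a realm block
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf

def lint_krb5(text):
    """List structural problems: unknown sections and unmapped realms."""
    conf = parse_krb5(text)
    findings = [f"unknown section [{s}]" for s in conf
                if s not in KNOWN_SECTIONS]
    realms = conf.get("realms", {})
    mapped = {v for v in conf.get("domain_realm", {}).values()
              if isinstance(v, str)}
    findings += [f"realm {r} has no [domain_realm] mapping"
                 for r in realms if r not in mapped]
    findings += [f"mapping targets undefined realm {r}"
                 for r in sorted(mapped - set(realms))]
    return findings
```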