LDAP auth. fails to cross domain
Posted: Thu Dec 29, 2016 2:36 pm
We have 2 domains, A and B, in the corporate network with a two-way trust between them. I have configured LDAP authentication on an FTP server located in domain A. The LDAP user mapping to AD users in domain A works fine, but the mapping to AD users in domain B doesn't work: a user in domain B is unable to log in to the FTP server. I have tried to log in using 2 login forms, myname and myname@domain_B. Both failed.
The following is the configuration for the LDAP auth., based on the domain A host.
Host: test.domain_A
Port: 3268 (tried 389, didn't work)
Base DN: DC=domain_A,DC=com
User filter: (&(objectClass=user)(sAMAccountName=%s))
Version: 3
Bind DN: CN=test,OU=users,Dc=domain_A,dc=com
Bind password: *******
(if no bind DN is configured, users on domain A will no longer be able to log in to the FTP either, but the validation of LDAP server connectivity is still successful)
Here is an example of the logs.
[06] Wed, 28 Dec 2016 09:28:44 (0000000) User 'myusername' login failed! (IP:xx.xx.xx.xx)
[06] Wed, 28 Dec 2016 09:29:24 (0000000) User 'myusername@domain_B' login failed! (IP:xx.xx.xx.xx)
In addition, if I adopt Windows authentication instead of LDAP auth., everything works fine and there is no issue for any user in domain A or B logging in to the FTP. But Windows authentication doesn't support group mapping, which is what we want.
Can you please help me work out how to solve this cross-domain LDAP auth. issue?
Best regards,
sc
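As an added example, not code from the post or from the FTP product, the following models two things the configuration above depends on: the search base deciding which entries a subtree search can see at all, and the user filter being matched literally against sAMAccountName (so a UPN-style login like myname@domain_B never matches that attribute). The login name is escaped per RFC 4515 before it is substituted for %s, which any server doing this substitution should do. The directory entries are constructed; the filter, base DNs and login forms are the ones from the post.

```python
"""Model how an LDAP search base and user filter select directory entries.

Added example, not code from the original post. The entries below are
constructed; the filter, base DNs and login forms are the ones in the post."""
import re

USER_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"  # %s = login name

# Constructed entries: one user per domain, each in its own domain partition.
DIRECTORY = [
    {"dn": "CN=alice,OU=users,DC=domain_A,DC=com", "objectClass": ["top", "person", "user"],
     "sAMAccountName": "alice", "userPrincipalName": "alice@domain_A.com"},
    {"dn": "CN=myusername,OU=users,DC=domain_B,DC=com", "objectClass": ["top", "person", "user"],
     "sAMAccountName": "myusername", "userPrincipalName": "myusername@domain_B.com"},
]

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a login name cannot change the filter's structure."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def build_filter(login: str) -> str:
    return USER_FILTER.replace("%s", escape_filter_value(login))

def in_search_base(dn: str, base_dn: str) -> bool:
    """Subtree scope: the entry's DN must end with the base DN on an RDN
    boundary. DN comparison is case-insensitive, as in Active Directory."""
    norm = lambda s: ",".join(p.strip() for p in s.split(",")).lower()
    d, b = norm(dn), norm(base_dn)
    return d == b or d.endswith("," + b)

def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches_filter(entry: dict, ldap_filter: str) -> bool:
    """Toy matcher for the filter shape on the page: an AND of equality
    assertions. Attribute names and these values compare case-insensitively."""
    attrs = {k.lower(): [str(x).lower() for x in (v if isinstance(v, list) else [v])]
             for k, v in entry.items()}
    pairs = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    return all(_unescape(v).lower() in attrs.get(a.lower(), []) for a, v in pairs)

def find_users(login: str, base_dn: str, directory=DIRECTORY) -> list:
    """Return the DNs the FTP server's user search would find for this login."""
    flt = build_filter(login)
    return [e["dn"] for e in directory
            if in_search_base(e["dn"], base_dn) and matches_filter(e, flt)]

if __name__ == "__main__":
    for login in ("alice", "myusername", "myusername@domain_B"):
        print(login, "->", find_users(login, "DC=domain_A,DC=com"))
```

With the post's base DN of DC=domain_A,DC=com, the domain B entry is outside the searched subtree, and the myusername@domain_B form matches no sAMAccountName under any base.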