On Jul 22, 2009, at 02:22, Alan DeKok wrote:

 However... they all need to be part of the same AD forest / whatever.
You CANNOT authenticate to two completely independent AD systems. This
is a fundamental limitation of AD.


Hi,

Well, they don't need to be part of the same forest if you create simple trusts between the multiple ADs. But if you have a forest, this means you will have transitive trusts between the domains. Therefore you can authenticate in every domain (via ntlm_auth).

Just to emphasize, the key requisite is trusts between domains/forests, not that they need to be in the same forest.

Cheers,

Luis Azevedo
http://www.braceta.com


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
