On Jul 22, 2009, at 02:22 , Alan DeKok wrote:
However... they all need to be part of the same AD forest / whatever. You CANNOT authenticate to two completely independent AD systems. This is a fundamental limitation of AD.
Hi,

Well, they don't need to be part of the same forest if you create simple trusts between the multiple AD's. But if you have a Forest, this means you will have Transitive Trusts between the domains. Therefore you can authenticate in every domain (via ntlm_auth).
Just to emphasize the key requisite is Trusts between domains/forests and not that they need to be in the same forest.
Cheers, Luis Azevedo http://www.braceta.com