This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

DPA Authentication Multiple Domains in Separate Forests

Does anyone have any experience setting up DPA for multiple domains in separate forests?  I see several KBs that reference the BaseDN can be shortened to allow easy authentication of sub domains in the same forest.  I don't see any practical examples for multiple domains in separate forests.  There is a fully trust and I have members of domain B in a security group in domain A (where domain A is configured in DPA and is a global catalog AD Domain controller).  Domain A users can authenticate fine, domain B members cannot log and I get the follow in the DPA Auth logs.

WARN   (2019-12-09 14:49:27,208.EST) [https-jsse-nio-8124-exec-10] CustomUserDetailsService - xxxx

INFO   (2019-12-09 14:49:27,270.EST) [https-jsse-nio-8124-exec-10] LoginThrottle - Invalid login attempt to /iwc/login.iwc by 'xxxx' from 10.10.x.x

Parents Reply Children