cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

NPM authentication with two AD domains

Is it possible to configure NPM to access two different AD domains. We currently have NPM accessing a departmental AD which contains members of the department as well as customers. In the future will are going to move all of the internal user to the company AD. However, we want to maintain the customers in the other domain. That means we need to authenticate against two different domains. Is this possible?

Labels (1)
0 Kudos
12 Replies
Level 11

Hi,

 

I have same issue.

Users from trusted domain can't login.

0 Kudos

These are interesting.  I assumed the SolarWinds server simply needed to be "domain joined" and that there had to be a trust between the multiple domains.

It shows what happens when I assume. Uff da!

0 Kudos

Hi,
I'm wondering if this one has every been resolved?
ie. can NPM authenticate users using more than one domain or not?


0 Kudos
Level 8

Something is obviously wrong somewhere. When I try to create a new Windows individual account I have two options. One is to use the local network service to access the AD, the other is to use an account with "administrative access to Active Directory or local domain accounts". I found an article that says to circumvent this, temporarily deactivate the authentication through the AD. This worked with the domain originally configure (datacenter). If it is active and I try to search for users I get "Value cannot be null. Parameter name: password". When disabled I can search for and then add users.

When I try to create an account from another domain and the authentication through the AD is active,  I again get the message "Value cannot be null. Parameter name: userName". When I disable authentication through the AD, I "No domain specified.  Please enter search string in the format:  Domain\Username."  In the advanced AD settings I can successfully test the connection.


However, with the other company AD configured, I can still search for names in the datacenter domain. This indicates to me that SolarWinds can connect (thus the connection test is successful) but is querying the AD improperly.

0 Kudos

I am now even more confused. According to SolarWinds support "Our current LDAP support implementation allows authenticating users just from single domain. We can authenticate users from multiple domains only via MSAPI." Is everyone here using MSAPI?

0 Kudos

Here is how I do it...nothing special...

pastedImage_0.png

The account you use below needs admin right to SolarWinds and must be entered with the domain qualifier:

[domain_name]\[loginID]

pastedImage_1.png

Then go to town...

pastedImage_2.png

Hi When I try adding a user from a different domian I get this message:

Cannot logon '<<DOMAIN ADMIN USER>>@<<DOMAIN>>' via NetworkCleartext/Default

0 Kudos

I just started getting this exact same symptom... trying to figure out why it won't seem to query ad for a user group although the test seems to work.  For me it's the same domain the server is joined to... it's not even another domain.

0 Kudos
Level 11

SolarWinds is domain agnostic. That is why you need a domain qualifier in your login:

abcd\a.smith

or

xyz\b.rubble

0 Kudos
Level 11

Yes it is possible. Our company recently created a new domain that's currently working and existing along side the old domain.

I became flooded with requests to give the new domain users permissions to login to the Orion Web Console.

I went ahead and tried to add them into SolarWinds via the Manage Accounts page: successful!

Asked them to try logging into the Orion Web Console with their new domain user account  : successful!

Users from the old domain : still able to access the Orion Web Console

So, yes it is possible.

0 Kudos
Level 12

Yes, just add your credentials and make sure the domain networks can both talk to wherever (network/VLAN) your SolarWinds server is.

0 Kudos