As the authentication has to be made to the domain, you'd need trust to allow the server the ability to talk to the domain. Otherwise, the domain itself is what is rejecting the credentials, not IPAM. There probably isn't a way to code around these types of restrictions.
Yeah, that correlates to the errors I was getting since they appear to be Kerberos errors. Just unfortunate that it has to use Kerberos. I'm wondering if I disable Kerberos pre-authentication on the service account making the connection if that will change my results.
Any update on this issue? We have similiar problem with our enviroment, our NPM is not part of domain, but we would like to be able to monitor DHCP servers via it - any workaround? Did disabling Pre-auth help for you, Jeff?
There is no workaround. The only way this could be done would be if one had IPAM run from a server that is a member in that domain. We've been asking for additional poller support, to install IPAM on an additional poller, which would be a server in the second domain. This won't happen but something else is planned to make it work. Not likely to happe anytime soon, though
I had a similar situation recently that I was able to work around and get cross domain authentication for DHCP monitoring working with NO trust between the domains.
In attempting to configure this I found it quite suprising that the NPM core AND DNS monitoring withing IPAM BOTH worked fine using Untrusted_Domain\User with no problem.
However, every attempt to authenticate against the DHCP server in the target, untrusted domain from the Add DHCP server menu in IPAM failed.
What I was finally able to get to work was to leverage classic Windows Passthrough Authentication. To achieve this I created an account locally on the NPM server with the same username and password as the target domain account.
I then REMOVED (yep, even though the instructions specifically state to include it) the "Untrusted_Domain\" portion of the credential and left ONLY the username for the target domain.
This worked with no errors and allowed me to import and monitor the target DHCP server in the remote domain with no trust between domains.
Hope this helps!
Loop1 Systems: SolarWinds Training and Professional Services