Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Can't authenticate against the same username (identical usernames) in different domains [message #159650] Mon, 03 August 2009 02:51
KevinC, United Kingdom
I have a Java (JRE 1.6) application in Linux that uses Active
Directory (AD) (on Windows Server 2003 service pack 2) via LDAP to
authenticate users. There are two AD servers: one providing domain
PARENT (parent.local) and the second CHILD (child.parent.local). Both
of these servers have two-way trust with each other.

I have users PARENT\userA, PARENT\userB, CHILD\userB and CHILD\userC.
All users have the same password apart from CHILD\userB whose password
is different to the rest - including PARENT\userB.

My Java application can target (make requests to) the PARENT AD server
and successfully authenticate PARENT\userA, PARENT\userB and
CHILD\userC when I provide the correct domain, username and password
values/triples. The application can target the CHILD AD server and
successfully authenticate PARENT\userA, CHILD\userB and CHILD\userC.

But I cannot authenticate CHILD\userB when targeting the PARENT
server: PARENT\userB is authenticated against if I provide its
password. And I cannot authenticate PARENT\userB when targeting the
CHILD server: CHILD\userB is authenticated against if I provide its
password. Why do these authentications not work? Is there any way of
configuring the AD servers so they will authenticate?

Kevin

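PS: I use the com.sun.jndi.ldap.LdapCtxFactory context factory code
like this in Java:

import java.util.Hashtable;
import javax.naming.Context;

Hashtable<String, Object> env = new Hashtable<String, Object>();

// Sun JNDI LDAP provider; ldap_server is the URL of the targeted AD server
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldap_server);

// SASL quality of protection: authentication with integrity and privacy
env.put("javax.security.sasl.qop", "auth-conf");
env.put("javax.security.sasl.strength", "high");

// SASL DIGEST-MD5 bind
env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");

env.put(Context.SECURITY_PRINCIPAL, userName);

// The domain is passed as the SASL realm
env.put("java.naming.security.sasl.realm", domain);

env.put(Context.SECURITY_CREDENTIALS, password);
.....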