× Welcome to the Centrify Community! Follow us on Twitter via @CentrifySupport.

Can't log into trusted domain

Reply
Participant II
Posts: 9
Registered: ‎04-03-2012
#11 of 15 (2,334 Views)

Re: Can't log into trusted domain

Hopefully this works beter for you.

Posts: 766
Topics: 3
Kudos: 144
Blog Posts: 0
Ideas: 0
Solutions: 105
Registered: ‎07-06-2010
#12 of 15 (2,318 Views)

Re: Can't log into trusted domain

The adinfo output looks OK to me.  Now let's get inside the head of adclient to figure out what its doing.

 

Please do the following:

 

/usr/share/centrifydc/bin/addebug clear
adflush
 /usr/share/centrifydc/bin/addebug on Run adinfo -g companyY.com Run adquery user <user_from_domain@companyY.com> -A Run adinfo -t Attempt to authenticate as the user /usr/share/centrifydc/bin/addebug off Send /tmp/adinfo_support.tar.gz and /etc/krb5.conf for review to felderi.santiago@centrify.com. I will work with my colleague Sumana to review the log file.

 Regards,

Felderi Santiago
Technical Manager - New York, Mid Atlantic, LATAM
Centrify Corporation
Found my response helpful? Click the Kudos button!
Follow Centrify:
Highlighted
Posts: 766
Topics: 3
Kudos: 144
Blog Posts: 0
Ideas: 0
Solutions: 105
Registered: ‎07-06-2010
#13 of 15 (2,300 Views)

Re: Can't log into trusted domain

I wanted to update the post with the latest information.

 

I've been working with Bartonn offline on identifying the root cause of the problem.  By analysing the logs we determined that that the Centrify dns.dc and dns.gc parameters were misconfigured.

 

I've asked Bartonn to re-configure properly and to get back to us with the results.

 

Regards,

Felderi Santiago
Technical Manager - New York, Mid Atlantic, LATAM
Centrify Corporation
Found my response helpful? Click the Kudos button!
Follow Centrify:
Participant I
Posts: 1
Registered: ‎04-24-2012
#14 of 15 (2,245 Views)

Re: Can't log into trusted domain

Can you post a sample of what the proper configuration should look like?  We are have a similar problem and is seems like an adflush to make the adclient re-read the memberships lets our users finally log in.

Posts: 766
Topics: 3
Kudos: 144
Blog Posts: 0
Ideas: 0
Solutions: 105
Registered: ‎07-06-2010
#15 of 15 (2,233 Views)

Re: Can't log into trusted domain

By default no configuration is needed if the domains are trusted.  In the case of Bartonn we had to hardcode the DCs for the trusted domain since his DNS environment would not qualify those names.

 

From your comment, it seems like you're able to get cross domain authentications to work, they then stop working and if run adflush, they start working again.  Is this correct?  If yes, does this problem happen for all users or only some users?  If not, can you please elaborate on the problem a bit further?

 

Regards,

 

Felderi Santiago
Technical Manager - New York, Mid Atlantic, LATAM
Centrify Corporation
Found my response helpful? Click the Kudos button!
Follow Centrify: