Forum / Devolutions Password Server - Support

Multiple domains in RDMS

  • Create an Issue
  • Cancel

I have an RDMS setup with 2 Security groups - 1 from Domain A and 1 from Domain B. Domain A and B both have full trusts between them.

If a user logs on from Domain A in the Security group that I've added it is auto created and assigned to the correct RDMS Security Group. If a user from Domain B tries to logon it receives an error message about being unauthorised and the user account is not created.

Are trust domains allowed in RDMS and is there a way for users in Domain B to logon with auto created accounts?

Thanks,
Wesley

Clock6 yrs

Hi,
Unfortunately we don't support that. To get the security right and the authentication, we need to query the domain PDC and it does not seems to apply the full trust. I will enter a feature request for that but for now I don't have any solution.

David Hervieux

signaturesignature

Clock6 yrs

Thanks very much for the response.

In order to get around this I've decided to set the users from Domain B up as RDMS users. I have checked both "Authenticate with RMDS user" and "Authenticate with domain user" checkboxes.
While I can logon with the user account I've created, it does not seem to be getting access to the Security group that I have added View rights to. Likewise if I add it as a member of a role it doesn't recognize it's membership.

When I view "My data source information" it does not show anything under Groups or Roles. In the tree view of the sessions, I can't see any of the restricted items.

Is there a problem with using 2 authentication methods?

Clock6 yrs

Hello,

I use local users and domain users in my demos and it works.

The File -My Data Source Information for all users in the same?



Maurice Côté

signaturesignature

Clock6 yrs

For the domain users it shows the Roles and Groups but doesn't show anything when it's one of the Users I've created.

In the information above this it shows "Login type" as Domain for all users.

In the event logs on the RDMS console, everytime I log in with one of these users it shows the below - the users do however logon with no problems and there are no bad password prompts on the client.

DirectoryServicesCOMException - Logon failure: unknown user name or bad password.


at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Devolutions.RemoteDesktopManager.Server.DomainManager.GetUserGroups(String domainMachine, String domain, String userName, String password, Boolean recursive) in c:\Dev\devolutions\Websites\RemoteDesktopManagerOnline\Common\Managers\DomainManager.cs:line 211

Clock6 yrs

Hello,

For the local users, have you assigned them in roles that are in fact linked to AD Groups?



Maurice Côté

signaturesignature

Clock6 yrs

For my local test users I have checked the box in "Is Member" under the Role that I want them to be a member of.
I have also tried checking the "View" box under Groups on the users pages, as well as in the Security Group itself. However none of these things appear to be adding the user to the group.

Any other suggestions?

Clock6 yrs

please contact us using support@devolutions.net, we will need to go deeper.



Maurice Côté

signaturesignature

Clock6 yrs