Secret Server Integration and using Local User Accounts \ Domain User Accounts

I am trying to use Secret Server with Remote Desktop Manager and having issues with using the Secret Server Template "Windows Account".
It appears it is trying to login to the domain with the username and not using /computername/username.
I can edit the connection setting under advanced and use the override domain option to say Use Host Name but then our domain accounts in Secret Server don't work.
Any input would be appreciated.

All Comments (12)

Hello Kevin,
I will need more details. What do you mean by "our domain accounts don't work"? What type of connection do you try to open?

Regards

David Hervieux

Hello David,

We have domain AD accounts and local Windows accounts in our Secret Server. I can change the default settings for all the connections to either work for local Windows accounts or by default work for domain AD accounts.
If I set the Override Domain to "Use Host Name", my Windows accounts in Secret Server work.

I set all my connections by default to use secret server, so I see this screen and login using 2 factor auth.

I then select a secret from this screen (I have deleted our org specific information).
But if I select a domain account it will work if I leave Override domain to default in connection properties (so it logs in with domain\username).
If I select a secret from this screen that is a local Windows account, it will not work. It is trying to log in to domain\username when it should be logging in as computername\username. When I switch the override domain setting mentioned above to Use Host Name, the local Windows accounts work but the domain accounts do not work. There is no way after selecting the secret to specify whether to log in to the domain or the local computer. I was thinking that it would log in to the domain or local computer based on the template in the secret (Active Directory Account or normal Windows Account).

Kevin

Hello,

Thank you for the information Kevin. We will try and reproduce the issue and then work on a fix. I'll keep you updated.

Regards,

Hubert Mireault

We will have a tentative fix for that in the next beta. When it's out could you try it out and give us some feedback? Thank you.

Regards,

Hubert Mireault

Thank You. I will keep an eye out for the Beta Release.

The new beta was released today (11.5.9.0). You can download it here and see if it helps your case: http://remotedesktopmanager.com/Home/Download#beta

Regards,

Hubert Mireault

Hello Hubert,
Here is the result of my testing. Under the Override Domain, I leave it at default.
When I select a domain account, it works as normal.
When I use a Windows Account, it appears to grab the Machine Name from the Secret Server.
In this field we have the fully qualified domain name of the computer as we have multiple domains.
So it is trying to logon to computername.domain.com\username instead of computername\username.
The login then fails.

Unfortunately I'm not sure we can get only the computername, unless we manually trim it from the "machine" field which could get tricky due to it being a simple text field.
We could always try and add an advanced option that could trim the machine name after the first dot or something of the sort, but it isn't the cleanest or the safest option.

Regards,

Hubert Mireault

Trimming it at the dot would work for how we are using it.
Using the host name (in RDM) would work for us for the most part. But we do have servers in other domains with the FQDN in the name, so I don't think that is a good solution.
It would also be good, after a failure to log in, to have the fields filled in so that you could modify the username and possibly try again.
Or maybe have secret server fill in a dialog for username and password that is editable and allow the user to connect manually.
Kevin

Those are interesting ideas to work around the issue, we'll keep those in mind. It might have to be an option to enable on the Secret Server entry. We'll have to see how feasible it is to have a prompt to retry the login process while specifying a different username, it might be difficult with how RDM is structured. Nevertheless, those are good ideas :) I'll keep you updated on any progress we make.

Regards,

Hubert Mireault

Hello,

I wanted to let you know the next minor version of RDM will have a new advanced option in the Secret Server credential entry to trim the machine/domain at the first dot. When this is out, could you let me know if this works for you? Thank you.

Regards,

Hubert Mireault
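
The behaviour discussed in this thread, as an added example that is not RDM or Secret Server code: the logon prefix is chosen from the secret's template, and the machine field is optionally trimmed at the first dot. Function and parameter names are hypothetical, the sample values are constructed, and leaving IP literals untrimmed is an assumption about one case where a blind trim of a free-text field goes wrong.

```python
import ipaddress

# Template names are the ones quoted in the thread; all other names are hypothetical.
AD_TEMPLATE = "Active Directory Account"
LOCAL_TEMPLATE = "Windows Account"


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def trim_machine(machine):
    """Return the text before the first dot; IP literals are returned whole."""
    machine = machine.strip()
    if is_ip_literal(machine):
        return machine  # assumption: "10.0.0.5" must not become "10"
    return machine.split(".", 1)[0]


def logon_name(template, username, domain="", machine="", trim=False):
    """Build DOMAIN\\user for AD secrets or COMPUTER\\user for local ones."""
    if "\\" in username or "@" in username:
        return username  # already qualified, so prepend nothing
    if template == AD_TEMPLATE:
        prefix = domain.strip()
    elif template == LOCAL_TEMPLATE:
        prefix = trim_machine(machine) if trim else machine.strip()
    else:
        raise ValueError(f"unknown template: {template!r}")
    if not prefix:
        # Covers an empty field and a machine value that starts with a dot.
        raise ValueError("no domain or machine name to qualify the user with")
    return f"{prefix}\\{username}"


if __name__ == "__main__":
    # Constructed sample secrets, not taken from any real Secret Server.
    samples = [
        (AD_TEMPLATE, "jdoe", "CORP", ""),
        (LOCAL_TEMPLATE, "localadmin", "", "web01.corp.example.com"),
        (LOCAL_TEMPLATE, "localadmin", "", "10.0.0.5"),
    ]
    for template, user, domain, machine in samples:
        print(logon_name(template, user, domain, machine, trim=True))
```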

Seems to be working from what I can tell.
Thanks for the improvements.
Kevin