cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2433
Views
0
Helpful
5
Replies

Creating a second authentication realm

isaqellari
Beginner
Beginner

Hello,

One of our clients has enabled NTLM (Single Sign-on) proxy authentication using the creation of an authentication realm.

Now is it possible to create another authentication realm for another domain, (proxy will be joined also in this other domain), in order that one user

of this other domain (with the computer joined in this domain) can authenticate to proxy and use it providing the credentials of his domain ?

There is a two-way trust relationship between these two domains.

BR,

Ilir

5 Replies 5

Tery Le Febvere
Cisco Employee
Cisco Employee

Hi,

My name is Tery and I am an engineer on the Cisco IronPort Web team and I will be happy to answer your question.

The WSA can only be joined to one domain but other sub domains (preferably with 2 way trust) can be used, meaning even though you join the primary domain any other sub domains that have 2 ways trust can be authenticated through the appliance.

Thanks,

Tery

Hello Tery,

Thank you for your reply and you disponibility.

Actually, in our case these two domains are completely different and are in different forests, for example domain1.al and domain2.al, and as mentioned above they there is a two-way trust relationship.

So, it is the same answer also for this case or not ?

BR,

Ilir 

Hi llir,

Even thought they have 2 way trust they have to be in the same forest to work.

Hope this helps!

Thanks,

Tery

Hi Tery,

So in our case even though, we have established a cross-forest two-way trust it will not work....

Ok, thanks for your help.

BR,

Ilir

Hello,

Because of a customer Service Request query about this post, just putting some comments in here :


Here is the excerpt of an internal KB we have for this :

###################

Question:

What AD domain trusts are required to authenticate against other forests / domains?

Solution:

The Cisco IronPort WSA is able to authenticate across multiple Active Directory forests as long as the domain that the WSA joins, has at least a one way trust with each forest where the users belong.

NOTE: All domains within the same forest automatically have two-way trusts with each other.
####################

Regards,

Eric Dadios

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers