Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Login: [Windows Account] from Subdomain doesn't work
#1
Hi,

Login doesn't work in a trusted domain with my account from the others domain [subdomain].

Situation:
Forest [ABC]
ABC.com

Forest [XYZ]
XYZ.com
Subdomain.XYZ.com

Trust: ABC.com <> XYZ.com 2-way

Problem:
I've installed ASG 2016 on a client in the domain "ABC.com". Now I try to login (ASG Database Mode) with my account from the domain "Subdomain.XYZ.com".


Start ASG
----
Environment: DB
Login type: Windows Account
Uncheck: Integrated
Username: username
Password: *******
Domain: xyz.com
----
Login failed. Error code 1326

Actually username should be called "subdomain\username" or "username@Subdomain.XYZ.com" but both possibilities won't work. Login button is grey

Is it possible to add this feature?
Thank you, regards
Mike
Reply
#2
Normally that should work - but if you google for "error code 1326" you can find some articles - I didn't find a solution right now what could help - but it seems to be something in Network security/authentication

I never seen this before
Regards/Gruss
Oliver
Reply
#3
Nope, now I activate also the ASG security log. There is a record:

Timestamp: 16.06.2016 16:40
Username: myusername@XYZ.com
Action: Logon
Status: Failed
Client: MyClient


With this username it never will work "myusername@XYZ.com". Because the user account is in the subdomain it should be "myusername@Subdomain.XYZ.com".

But I can't change it ASG do not accept "\" or "@" (UPN Usernames)
Reply
#4
If there is 2 way trust your subdomain should be listed in the domain field (in Login Dialog)? Isn't it in there?
Regards/Gruss
Oliver
Reply
#5
No, we trust only the root domain (Forest trust).

Forest trust, 2-way, Transitiv

Like the picture here: https://technet.microsoft.com/en-us/libr...s.10).aspx

(17-06-2016, 08:28 AM)DevOma Wrote: If there is 2 way trust your subdomain should be listed in the domain field (in Login Dialog)? Isn't it in there?

It's only the root domain listed.
Reply
#6
For the login process we need a full trust to the domain you want to login - it is on the feature list to extend this behavior
Regards/Gruss
Oliver
Reply
#7
Ok, thank you.
So I have to wait. Because it's against our policy/concept.
I can't create a additional trust just because the ASG need it Smile

Regards
Reply
#8
Think about to use Username/Password login instead of WindowsAccount-Login... then you do not have to wait :-)
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)