Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Domain Integration issue
#1
Hello 

We are using ASG 2015 8.0.5091.0 and just link this solution to our Active Directory.
There is no issue for the internal users, it works very well, but we have a big problem with remote users connected to our solution through a VPN client...
These remote users have their accounts created in our Active Directory, but the laptop / PC they use are not always integrated into our Active directory...

By the way, the domain we use is not displayed in the Login windows of ASG for them, and this is not possible to force the domain definition in the login using <username>@mydomain or MYDOMAIN\<username>..
Only the local domain from where they are currently connected is available.

How can we fix this issue ? If the solution does not allow us to use an active directory account from a computer not known by the domain it will be a real problem for us.

Maybe latest released fix this issue, can you please help ?

Thank you for your help and support on this.
Reply
#2
For login you need still active trust to the domain. We have that issue on the todo list for a long time but didn't resolved it yet...

In ASG-RD you can specify "Non trusted domains" in Settings - and use these domains inside ASG-RD.
Regards/Gruss
Oliver
Reply
#3
Hello
Thank you for your update.
In fact we are currently concerned by the Login only, so I guess the only solution for now is to use internal users ? Do you confirm ?
Reading the forum, I notice that the ability to login without being trusted by the domain seems to be really welcome for many users, to you have any road map for this feature ?

Thank you
Reply
#4
Yes, currently internal users are the solution.

I think we will try to change the login process for one of the next patches - we know that a lot of customers would prefer to have a solution for that...
Regards/Gruss
Oliver
Reply
#5
Ok, I think then when this solution will be released we will suscribe to the latest version

Let's keep posted.
Thank you and have a nice day
Reply
#6
Hello

Do there is any update on this  ?
Is it still  in your plan to add this kind of improvement in the road map of the product ?

Thank you for your update.
Kind regards
Reply
#7
Yes it is - we spent some hours on it but it is not easy because the security methods are based on the "impersonated user" - and this can't be done if the user login from an untrusted location - but we will come back to this feature...
Regards/Gruss
Oliver
Reply
#8
(05-03-2018, 11:22 AM)DevOma Wrote: Yes it is - we spent some hours on NordVPN but it is not easy because the security methods are based on the "impersonated user" - and this can't be done if the user login from an untrusted location - but we will come back to this feature...

Glad to read you're not giving up on this feature, Oliver. I know it's tricky though. I hope you can pull it off!
Reply
#9
Hello

I am also glad to know you keep working on this, we are waiting this improvement with impatience, thank you for your update.

Regarding your comment "impersonated user", I am not sure to understand the context.
Usually, for this kind of feature, the user / password is used to bind the connection to the active directory, which does not require to be integrated in the domain, then if it's successful, you just need to map the nested groups from the active directory, then compare them with the internal groups to provide specific permissions... Obviously it depend of the method to establish the connection, but the Ldap protocol should do the job right ?

I have absolutely not a clear vision about the situation and your concerns, and I am sure your teams know in detail what is blocking this improvement so maybe this suggestion is not welcome and will not help, but just in case I prefer to share it with you.... Smile

We keep posted and watching.
Reply
#10
Hello There,

Any update on this ?

We are still stuck because of this.

thanks you
Reply
#11
Still working on this issue...
Regards/Gruss
Oliver
Reply
#12
I think it will be supported with the next patch :-)
Regards/Gruss
Oliver
Reply
#13
Hello Olivier

It's really a good news.
We keep watching for the next patch delivery to purchase the latest version.

Thank you
Regards
Reply
#14
Hello

I have just noticed in the latest released (http://forum.asg-rd.com/showthread.php?tid=10773) the following change "- Support of 'Login from untrusted domains'" ...
Is it related to this thread ?

Thank you
Reply
#15
Yes it is...
Regards/Gruss
Oliver
Reply
#16
Thank you Olivier for this improvement.
We are going to test it, then to order the latest version of ASG to deploy it on production.

Have a nice Day.
Reply
#17
If you run into any problems please let me know...
Regards/Gruss
Oliver
Reply
#18
Hello

It seems to work like a charm !!!
My only concern is regarding the security group, and maybe the security mapping between objects and security group.
In order to test the 2018 version with the trial period, we have created a new database and export/import our current 2015's database with the 2048 client..but we are losing several settings like security groups for example... Is there any better way to keep the database with all the settings ?

We tried to copy the database itself, but our current license is not compliant with the client 2018.

Thank you for your help and for this real improvement !

Kind regards
Reply
#19
With a eval version you can't upgrade the database or import all your settings - it's limited... But the security groups are read in the same way as before so it should be no difference...
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)