
Moving Test Environment to Authenticate w/ Prod NT


Are there any special considerations here? It isn't working.

Scenario:

Two domains prod and test, same exact user group names and user names. Prod OnBase authenticates with prod domain, and Test OnBase authenticates with test domain. Client would now prefer to have the test environment authenticate w/ the prod domain. I updated the network security configuration in OnBase config for the test environment to point to the prod domain.

We are using interactive logon for Core, and I am no longer able to authenticate, with the error: user doesn't belong to any groups. If my user account in prod domain is slemp and slemp in the test domain, and I'm a member of the same groups, shouldn't this work? Do I need to change from AD Basic to AD Enhanced?

Thanks,

Stephen

1 ACCEPTED ANSWER

Verica_Mitrovic
Star Contributor

Hi Stephen,

Do you have impersonation on the application server in the test environment, or an account to run your app pools on the web/app servers? That could be the problem if a test domain account is used for impersonation and it does not have access to the prod domain to authenticate the user and search for groups; that is one of the reasons you could be getting the 'No matching groups' error. Have you tried authenticating with Thick Client? What do you see in Diagnostic Console on the LDAP/NT tab?

Also keep in mind that for core clients to work across domains there has to be a two-way trust between the domains when AD Basic is used; AD Enhanced can authenticate users from non-trusted domains.

Take care,

Verica


4 REPLIES

Thomas_Reu
Elite Collaborator

Why would you do this? Test is supposed to be test and prod should be prod. You need the 2 environments to be independent. At the very minimum, this seems to ignore all generally accepted principles related to data integrity. Sometimes one has to protect the clients from themselves and you need to tell them no.


I hadn't considered the user running the AppPool/impersonation account. This was all very helpful information, thanks Verica!

EDIT:

Yes I've tried authenticating with OnBase client and it worked just fine.

Since Thick Client is working, you should look into your IIS setup and impersonation; the best way to diagnose where login is failing is via Diagnostic Console. If the logs are confusing or you are not able to figure it out, I would suggest you contact your first line of support and they will be able to help you out.
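
The checks suggested in this thread (app pool identity, trust direction, and whether the service account can read group membership from prod) can be scripted as below. This is an added example, not part of the original posts and not Hyland's tooling; `prod.example.com` is a placeholder for the prod domain name, and the script assumes the WebAdministration and ActiveDirectory (RSAT) modules are installed on the test web/application server. It does not read OnBase's own impersonation setting.

```powershell
# Added diagnostic example. Run on the TEST web/application server.
Import-Module WebAdministration   # IIS:\ provider
Import-Module ActiveDirectory     # Get-ADTrust, Get-ADUser

$ProdDomain = 'prod.example.com'  # placeholder: DNS name of the prod domain
$UserName   = 'slemp'             # user name mentioned in the thread

# 1. Which identity does each IIS application pool run as?
#    A SpecificUser from the test domain is the case described in the answer.
Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        AppPool      = $_.Name
        IdentityType = $_.processModel.identityType
        UserName     = $_.processModel.userName
    }
} | Format-Table -AutoSize

# 2. Is there a trust to prod, and is it two-way (needed for AD Basic)?
$trust = Get-ADTrust -Filter * | Where-Object { $_.Target -eq $ProdDomain }
if (-not $trust) {
    Write-Warning "No trust to $ProdDomain found from this server's domain."
} else {
    $trust | Select-Object Name, Target, Direction | Format-Table -AutoSize
    if ($trust.Direction -ne 'BiDirectional') {
        Write-Warning "Trust to $ProdDomain is $($trust.Direction), not two-way."
    }
}

# 3. Can the account running this script look up the user's groups in prod?
#    Run this step in a session started as the app pool / impersonation
#    account so the result reflects what the application server can see.
try {
    $user = Get-ADUser -Identity $UserName -Server $ProdDomain `
                       -Properties MemberOf -ErrorAction Stop
    if ($user.MemberOf) {
        $user.MemberOf | Sort-Object
    } else {
        Write-Warning "$UserName found in $ProdDomain but MemberOf is empty."
    }
} catch {
    Write-Warning "Lookup of $UserName in $ProdDomain failed: $($_.Exception.Message)"
}
```

`MemberOf` does not include the user's primary group, so an empty result for a user who is only in Domain Users is expected.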