Install/Login Weirdness with AD Integrated user


SilverKnight

In attempting to reproduce a different issue, I installed Plastic in a VM to connect to my server with SSL OFF.

I installed the client, configured it for non-SSL, then configured AD integrated security for authentication.

Started the client and immediately received this error:

post-4578-0-76916600-1377882149_thumb.png

However, checking the registry to verify the SID shows the CORRECT SID (-1147) for the user I am logged in as:

post-4578-0-70476000-1377882202_thumb.png

Plastic has never been on this system. Clicking the OK button on the above dialog results in the following:

post-4578-0-22755900-1377882286_thumb.png

Followed by a prompt to enter a username and password - which shouldn't be necessary, since the client is configured for AD Integrated security.

--Joined the workstation to the user's domain--

Plastic starts normally and functions...

Notes:

The machine is on a domain different than the currently logged in user.

The domain of the current user is a one way trust from the domain the machine is on (e.g. DOM1 trusts DOM2, but DOM2 does not trust DOM1 - the user is in DOM2 and the machine is on DOM1).

The user is a local administrator of the machine. Win7 x64 - UAC is OFF


Hi,

When you are not in the domain, you need to configure the Plastic client authentication as LDAP.

If you select an AD authentication mode, Plastic will use your computer credentials, but as you are not in the domain the credentials will not work and a prompt will ask you to enter a username and password. That's the reason why when your computer is in the domain everything goes fine.

Regards,

Carlos



Well, technically, it IS on the domain - I authenticated with the domain user that I was using on my own DEV machine - the machine (computer account) was simply on a secondary domain.

As you pointed out, "Plastic will use your computer credentials" -- that should have been correct, but it didn't get the correct SID for the user I was logged in as.

Are you saying that Plastic acts as the COMPUTER account and NOT the currently logged in USER account?

computer act:

dom2\computer   <- Is Plastic using this account to access resources? And therefore it didn't get the SID of the user below?

user act:

dom1\user  <- Logged into computer as this user. SID ends in -1147 - I guess I expected Plastic to use this user to access resources, and it should have been able to get the SID for this user.

I have personally written a fair amount of code to access this information in a one-way-trust domain setup with services running in similar situations, and have always been able to use the credentials/permissions of the user the code was running as, so I was quite surprised that Plastic didn't.


Archived

This topic is now archived and is closed to further replies.
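For anyone diagnosing the user-versus-computer-account question raised in this thread, the following is an added example, not code from the thread or from Plastic SCM. It reports which identity a process started in the current session runs as, whether that SID maps back to an account name from this machine, and whether the user's domain differs from the machine's domain. The function name `Get-LogonIdentityReport` is hypothetical, and the script says nothing about how Plastic itself resolves identities.

```powershell
# Added diagnostic example (hypothetical function name, not Plastic SCM code).
# Written to run on Windows PowerShell 2.0 and later, so it suits a Win7 client.
function Get-LogonIdentityReport {
    # Identity of the token this process runs under (the logged-on user,
    # unless the process was started under another account).
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sid = $identity.User

    # SID -> account name lookup. This throws when no reachable authority
    # can map the SID, which is the failure worth catching across a trust.
    try {
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = "<unresolved: $($_.Exception.Message)>"
    }

    # Domain the computer account belongs to (null if the machine is in a workgroup).
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $machineDomain = if ($cs.PartOfDomain) { $cs.Domain } else { $null }

    # DNS domain of the logged-on user; not set for local accounts.
    $userDomain = $env:USERDNSDOMAIN

    New-Object PSObject -Property @{
        TokenName          = $identity.Name
        AuthenticationType = $identity.AuthenticationType
        UserSid            = $sid.Value
        UserRid            = $sid.Value.Split('-')[-1]   # e.g. compare with the RID shown in the error dialog
        ResolvedAccount    = $account
        UserDnsDomain      = $userDomain
        MachineDomain      = $machineDomain
        # True when a domain user is logged on to a machine joined to a different domain.
        CrossDomainLogon   = [bool]($userDomain -and $machineDomain -and ($userDomain -ne $machineDomain))
    }
}

Get-LogonIdentityReport | Format-List
```

If `CrossDomainLogon` is true and `ResolvedAccount` comes back unresolved, the SID lookup is failing at the operating-system level rather than inside the client application.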
