Hello!
First time for everything, right? I have an SSID that needs to authenticate to two different ADs.
I have CPPM joined to both AD domains, and have one service with both of these as Auth Sources.
The issue I face is that the same username exists in both ADs, and it seems that the auth source ignores the domain I add to the username.
domain1\username1
domain2\username1
If I try domain2\user1, it results in a failed auth from domain1 and denies the user login.
I find this in the access tracker (names modified):
rlm_ldap: searching for user domain2\username1 in AD:domain1
rlm_ldap: found user domain2\username1 in AD:domain1
....
rlm_eap_mschapv2: Received MSCHAPv2 Response from client
rlm_mschap: authenticating user username1, domain domain2
rlm_mschap: user username1 authentication failed
rlm_mschap: AD status:Logon failure (0xc000006d)
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Why would it even look for the user in domain1 when I explicitly prefix the username with domain2? Does this imply some sort of trust between the domains?
Is there a fail-through mechanism or any other mechanism I should look at to get around this?
I don't really see another way to solve this, so I need some assistance from you guys.
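
A way to spot this condition in exported logs, as an added example that is not part of the original post: the script flags sessions where the auth source that matched the user differs from the domain the client supplied. It assumes the line layout shown in the excerpt above; the function name is hypothetical.

```python
import re

# Constructed sample: the excerpt from the post above (names were already modified there).
SAMPLE_LOG = r"""rlm_ldap: searching for user domain2\username1 in AD:domain1
rlm_ldap: found user domain2\username1 in AD:domain1
rlm_eap_mschapv2: Received MSCHAPv2 Response from client
rlm_mschap: authenticating user username1, domain domain2
rlm_mschap: user username1 authentication failed
rlm_mschap: AD status:Logon failure (0xc000006d)
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
"""

# Assumed line layouts, taken from the excerpt; other versions may log differently.
FOUND_RE = re.compile(r"rlm_ldap: found user (?:[^\\\s]+\\)?(?P<user>\S+) in AD:(?P<source>\S+)")
AUTH_RE = re.compile(r"rlm_mschap: authenticating user (?P<user>[^,\s]+), domain (?P<domain>\S+)")
FAIL_RE = re.compile(r"rlm_mschap: user (?P<user>\S+) authentication failed")
STATUS_RE = re.compile(r"rlm_mschap: AD status:(?P<status>.+)$")


def find_domain_mismatches(log_text):
    """Return one finding per authentication where the auth source that matched
    the user is not the domain the client sent in the MSCHAPv2 exchange."""
    matched_source = {}  # bare username (lowercased) -> auth source that matched
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := FOUND_RE.search(line):
            matched_source[m["user"].lower()] = m["source"]
        elif m := AUTH_RE.search(line):
            source = matched_source.get(m["user"].lower())
            if source and source.lower() != m["domain"].lower():
                findings.append({"user": m["user"], "requested_domain": m["domain"],
                                 "matched_source": source, "failed": False,
                                 "ad_status": None})
        elif m := FAIL_RE.search(line):
            for f in findings:
                if f["user"].lower() == m["user"].lower():
                    f["failed"] = True
        elif (m := STATUS_RE.search(line)) and findings:
            findings[-1]["ad_status"] = m["status"]
    return findings


if __name__ == "__main__":
    for f in find_domain_mismatches(SAMPLE_LOG):
        print(f"{f['requested_domain']}\\{f['user']} matched in AD:{f['matched_source']}, "
              f"failed={f['failed']}, status={f['ad_status']}")
```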