Elsinore

User Forum

www.screenconnect.com
Active Directory Integration
roberto
#1 Posted : Friday, July 22, 2011 4:37:47 PM
Rank: Newbie
Joined: 7/22/2011
Posts: 3
Location: Italy
How does ScreenConnect integrate with Active Directory? We have an Active Directory in the LAN and another Active Directory in the DMZ (not trusting one another). ScreenConnect is installed on a server in the DMZ, but we want to authenticate with the LAN Active Directory, as the operators are on this network. Can we set ScreenConnect to read Active Directory information from specific AD controllers?
Jake Morgan
#2 Posted : Friday, July 22, 2011 5:14:46 PM
Rank: Administration
Joined: 4/9/2010
Posts: 858
You can't do this without a relationship between domains. The domains will need to trust each other for the security context of one domain to be valid on the other.
roberto
#3 Posted : Tuesday, August 02, 2011 1:27:28 PM
Rank: Newbie
Joined: 7/22/2011
Posts: 3
Location: Italy
We cannot make a relationship from the DMZ to the LAN Active Directory. This is a serious security problem; many security vulnerabilities would be generated by doing so. We only want to achieve integrated password management for our operator users (in the LAN), since they are LAN users, but ScreenConnect, to be more secure, is installed in the DMZ. Like web servers are installed in the DMZ and the DB server in the LAN. Can't we specify an LDAP server to ScreenConnect? This is an important feature!
Jake Morgan
#4 Posted : Tuesday, August 02, 2011 6:54:43 PM
Rank: Administration
Joined: 4/9/2010
Posts: 858
Sorry, we don't have plans to support any additional authentication options.

You can create many different types of trust relationships between domains -- relationships where the users in the LAN don't necessarily have access to resources in the DMZ. If ScreenConnect were connecting via LDAP, you'd be doing essentially the same thing as the Active Directory trust does; at least that's my understanding.

roberto
#5 Posted : Tuesday, August 02, 2011 11:44:48 PM
Rank: Newbie
Joined: 7/22/2011
Posts: 3
Location: Italy
No. LDAP is a protocol that permits a specific service (like the ScreenConnect web site) to access user info and verify whether users and credentials are right. A trust relationship between domains implies many more things. Many services on Windows other than those configured with LDAP now check users' credentials and the trust relationship. On other services on our public server this can introduce vulnerabilities. Trust relationships are at the OS level, whereas LDAP or other authentication systems work at the application level only, and only for a specific application. There is more control!

Thank you
Jake Morgan
#6 Posted : Wednesday, August 03, 2011 3:10:56 AM
Rank: Administration
Joined: 4/9/2010
Posts: 858
You could write a membership provider to do something like this. Our system just uses most of the ASP.NET infrastructure for stuff like this, so retrofitting something wouldn't be too difficult. We've had customers swap in a MySQL store. Some other developers seem to have tried something like what you're thinking:

http://stackoverflow.com...-server-could-not-be-co

We can help you in the Advanced Customization section if you decide to give it a shot.
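
An added example, not part of the original thread and not ScreenConnect's code: the application-level credential check discussed in posts #5 and #6, written as a helper that a custom ASP.NET membership provider's ValidateUser override could call. The class name, host name and UPN suffix are hypothetical.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical helper (not ScreenConnect code): checks a user's password by
// binding to one named LAN domain controller over LDAPS, with no domain trust.
public static class LdapBindValidator
{
    private const int LdapInvalidCredentials = 49; // LDAP result code (RFC 4511)

    // server:    the one DC the DMZ firewall allows, e.g. "dc01.lan.example" (assumed name)
    // upnSuffix: the LAN domain's UPN suffix, e.g. "lan.example" (assumed name)
    public static bool Validate(string server, string upnSuffix, string username, string password)
    {
        // An empty password turns a simple bind into an unauthenticated bind,
        // which many servers accept; treat it as a failed login up front.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            return false;
        // The caller supplies the domain; do not let the user pick one.
        if (username.IndexOfAny(new[] { '@', '\\', '/' }) >= 0)
            return false;

        var identifier = new LdapDirectoryIdentifier(server, 636); // LDAPS only
        using (var connection = new LdapConnection(identifier))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true; // never send the password in clear
            connection.AuthType = AuthType.Basic;               // simple bind inside TLS
            connection.Timeout = TimeSpan.FromSeconds(10);
            try
            {
                connection.Bind(new NetworkCredential(username + "@" + upnSuffix, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
            {
                return false; // wrong password, unknown, disabled or locked account
            }
            // Any other failure (DC unreachable, TLS error) propagates, so an
            // outage is logged as an error rather than counted as a bad password.
        }
    }
}
```

With this shape the only path from the DMZ host into the LAN is TCP 636 to a single domain controller, and the DMZ host must trust the CA that issued that controller's certificate for the TLS handshake to succeed.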