roberto  
#1 Posted : Friday, July 22, 2011 11:37:47 AM(UTC)

How does ScreenConnect integrate with Active Directory? We have an Active Directory in the LAN and another Active Directory in the DMZ (they do not trust one another). ScreenConnect is installed on a server in the DMZ, but we want to authenticate against the LAN Active Directory, as the operators are on this network. Can we set ScreenConnect to read Active Directory information from specific AD controllers?

Jake  
#2 Posted : Friday, July 22, 2011 12:14:46 PM(UTC)


You can't do this without a relationship between domains. The domains will need to trust each other for the security context of one domain to be valid on the other.
ScreenConnect Team
roberto  
#3 Posted : Tuesday, August 2, 2011 8:27:28 AM(UTC)

We cannot create a relationship from the DMZ to the LAN Active Directory. This is a serious security problem; many security vulnerabilities would be created by doing so. We only want to achieve integrated password management for our operator users (in the LAN), since they are LAN users, but ScreenConnect, to be more secure, is installed in the DMZ, just as web servers are installed in the DMZ and the DB server in the LAN. Can we not specify an LDAP server to ScreenConnect? This is an important feature!
Jake  
#4 Posted : Tuesday, August 2, 2011 1:54:43 PM(UTC)


Sorry, we don't have plans to support any additional authentication options.

You can create many different types of trust relationships between domains, including relationships where the users in the LAN don't necessarily have access to resources in the DMZ. If ScreenConnect were connecting via LDAP, you'd be doing essentially the same thing as the Active Directory trust does, at least that's my understanding.

ScreenConnect Team
roberto  
#5 Posted : Tuesday, August 2, 2011 6:44:48 PM(UTC)

No. LDAP is a protocol that permits a specific service (like the ScreenConnect web site) to access user info and verify whether users and credentials are right. A trust relationship between domains implies many more things. Many services on Windows other than those configured with LDAP now check user credentials and the trust relationship. On other services on our public server, this can introduce vulnerabilities. Trust relationships are at the OS level, whereas LDAP or other authentication systems work at the application level only, and only for a specific application. There is more control!

Thank you
Jake  
#6 Posted : Tuesday, August 2, 2011 10:10:56 PM(UTC)


You could write a membership provider to do something like this. Our system just uses most of the ASP.NET infrastructure for stuff like this, so retrofitting something wouldn't be too difficult. We've had customers swap in a MySQL store. Some other developers seem to have tried something like what you're thinking:

http://stackoverflow.com...r-server-could-not-be-co

We can help you in the Advanced Customization section if you decide to give it a shot.
ScreenConnect Team
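
The credential check that a custom ASP.NET membership provider's ValidateUser override could delegate to, bound to one named LAN domain controller over LDAPS, is sketched here as an added example; it is not part of the original posts and is not ScreenConnect code. The class name, host name and UPN suffix are hypothetical placeholders, and the user is assumed to type a bare account name.

```csharp
// Added example: not ScreenConnect code. Host name and UPN suffix are placeholders.
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public static class LanDirectoryAuthenticator
{
    // Hypothetical values: the single LAN domain controller the DMZ firewall
    // allows the ScreenConnect server to reach, on the LDAPS port only.
    const string Host = "dc1.lan.example";
    const int LdapsPort = 636;
    const string UpnSuffix = "@lan.example";
    const int InvalidCredentials = 49; // LDAP result code for a rejected bind

    // Returns true only when the LAN directory accepts the user's own credentials.
    public static bool Validate(string userName, string password)
    {
        // A simple bind with an empty password is treated as an unauthenticated
        // bind and can succeed, so reject it before it reaches the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        var identifier = new LdapDirectoryIdentifier(Host, LdapsPort);
        using (var connection = new LdapConnection(identifier))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            // TLS is required: a simple bind sends the password as-is.
            connection.SessionOptions.SecureSocketLayer = true;
            connection.AuthType = AuthType.Basic;
            connection.Timeout = TimeSpan.FromSeconds(10);
            connection.Credential = new NetworkCredential(userName + UpnSuffix, password);
            try
            {
                connection.Bind(); // the bind itself is the password check
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == InvalidCredentials)
            {
                return false; // wrong password, unknown, locked or disabled account
            }
            // Any other LdapException (server unreachable, TLS failure) propagates,
            // so an outage is not recorded as a failed login.
        }
    }
}
```

With this approach the only path opened from the DMZ to the LAN is TCP 636 to that one controller, and no service account password needs to be stored on the DMZ server because each user binds as themselves.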