Advanced configuration: Active Directory mode cross-forest and domain authentication

Configure advanced Active Directory mode settings if you implemented the Cloud Extender® in Active Directory mode, if you are working in a multi-forest/multi-domain environment, and the forest and domains have a trust (minimum of one-way trust from the Cloud Extender domain).

About this task

Configure extra settings for the Cloud Extender to authenticate users in other forests and domains. Your domain must be trusted. If you have multiple forests, you must have at least one-way trust from the domain of the Cloud Extender server to other target domains. Modify or add registry keys manually for Cloud Extender to support multi-domain/forest authentication because these keys exist and must be overwritten.

Procedure

  1. Configure the Cloud Extender in multi-domain mode by using the following registry key setting.
    1. Open the Registry Editor (regedit.exe) on the Cloud Extender server.
    2. From HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fiberlink\V360, create a value in the V360 key: "ADD_REG_POLICY_GROUP"="UA_PLC".
      Note: If the ADD_REG_POLICY_GROUP value exists, you must append UA_PLC to the list separated by a semicolon (;).
    3. Create a key under the V360 key named UA_PLC: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fiberlink\V360\UA_PLC
    4. Create two new string values under UA_PLC:
      "FQDNMapFilePath"="C:\%ProgramData%\MaaS360\Cloud Extender\AR\Data\FQDNMap.txt"
      "SearchAllForests"="Y"
  2. Create a mapping of all your trusted domains in a new text file called FQDNMap.txt by using any plain text editor.
    This mapping file is a text file that contains one entry per line of text for each domain in the environment. Each line entry in the file looks like the following example, with the short domain to the left of the = (equals) sign and the FQDN to the right of the = (equals) sign: shortDomainName=FQDN and FQDN=FQDN (make sure to map both combinations).
    For example, you have three domains, everest and mckinley under f01.example.local root, and another domain k2 under the example.local forest. Your domain mapping file looks like the following example.
    everest=everest.f01.example.local
    mckinley=mckinley.f01.example.local
    k2=k2.example.local
    everest.f01.example.local=everest.f01.example.local
    mckinley.f01.example.local=mckinley.f01.example.local
    k2.example.local=k2.example.local
    

    Each line in the file must end with either a <CRLF> (DOS line ending convention) or a <LF> (UNIX line ending convention).

    1. Save the file as FQDNMap.txt.
    2. Copy the FQDN Map File FQDNMap.txt to the folder C:\ProgramData\MaaS360\Cloud Extender\AR\Data\.
  3. Restart the Cloud Extender service.
  4. Test authentication again on all domains to make sure that the configuration is complete.
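
The registry and mapping-file steps above, scripted in PowerShell as an added example (not IBM's or the product's own tooling). The registry paths, value names and data folder are the ones given on this page, the domain list is the page's sample, and the service name is left as a placeholder because the page does not state it.

```powershell
# Added example, not vendor tooling. Run elevated on the Cloud Extender server.
$v360    = 'HKLM:\SOFTWARE\Wow6432Node\Fiberlink\V360'
$uaPlc   = Join-Path $v360 'UA_PLC'
$mapFile = 'C:\ProgramData\MaaS360\Cloud Extender\AR\Data\FQDNMap.txt'

# Sample domains from this page (short name -> FQDN). Replace with your own.
$domains = [ordered]@{
    everest  = 'everest.f01.example.local'
    mckinley = 'mckinley.f01.example.local'
    k2       = 'k2.example.local'
}

# Stop early if the product key or data folder is missing.
if (-not (Test-Path $v360)) { throw "Key not found: $v360" }
if (-not (Test-Path (Split-Path $mapFile -Parent))) { throw "Data folder not found for $mapFile" }

# Step 1.2: append UA_PLC to an existing semicolon-separated list
# instead of replacing it; create the value if it is absent.
$current = (Get-ItemProperty -Path $v360 -Name 'ADD_REG_POLICY_GROUP' `
            -ErrorAction SilentlyContinue).ADD_REG_POLICY_GROUP
$groups = @()
if ($current) { $groups = @($current -split ';' | Where-Object { $_ }) }
if ($groups -notcontains 'UA_PLC') { $groups += 'UA_PLC' }
New-ItemProperty -Path $v360 -Name 'ADD_REG_POLICY_GROUP' -PropertyType String `
    -Value ($groups -join ';') -Force | Out-Null

# Steps 1.3 and 1.4: create the UA_PLC key and its two string values.
if (-not (Test-Path $uaPlc)) { New-Item -Path $uaPlc | Out-Null }
New-ItemProperty -Path $uaPlc -Name 'FQDNMapFilePath' -PropertyType String -Force `
    -Value 'C:\%ProgramData%\MaaS360\Cloud Extender\AR\Data\FQDNMap.txt' | Out-Null
New-ItemProperty -Path $uaPlc -Name 'SearchAllForests' -PropertyType String -Force `
    -Value 'Y' | Out-Null

# Step 2: write both combinations for every domain
# (shortDomainName=FQDN, then FQDN=FQDN), one entry per line.
$lines  = @(foreach ($d in $domains.GetEnumerator()) { '{0}={1}' -f $d.Key, $d.Value })
$lines += @(foreach ($fqdn in $domains.Values) { '{0}={0}' -f $fqdn })
Set-Content -Path $mapFile -Value $lines -Encoding ASCII   # CRLF line endings on Windows

# Step 3: restart the Cloud Extender service. The service name is not given
# on this page, so the placeholder below must be replaced before use.
# Restart-Service -Name '<CloudExtenderServiceName>'

# Show what was written so it can be reviewed before step 4.
Get-ItemProperty -Path $v360 -Name 'ADD_REG_POLICY_GROUP' | Select-Object ADD_REG_POLICY_GROUP
Get-Content -Path $mapFile
```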