We have just built out a new 5.5 environment and I am working on the SSO portion. Currently our SSO server is in a subdomain of our primary domain (subdomain.company.net), and all our users' AD authentication is done through our primary domain (company.net). We also have a couple of two-way trusts with some customer domains.
So in the configuration I choose "Active Directory (Integrated Windows Authentication)" and I put our primary domain company.net in the domain name. I use the machine account, but I get "The host is required to join to domain [company.net] but joined to [subdomain.company.net]".
I am not positive what this is referring to. Do I need to be using SPN for our other domains? I added subdomain.company.net without any issues.
Any help would be great!
That's because the machine you installed SSO on is in your subdomain (the error is very descriptive). So adding an identity source with integrated Windows auth would work only for that particular subdomain.
Right, I understand that part about being in a subdomain and that's my bad for phrasing the question wrong. I just didn't know if others are adding multiple domains with "Active Directory as a LDAP Server" or if using an SPN with Integrated Windows Authentication is the correct way to do it.