Cmode 8.3 multi-protocol in a multi-domain setup

[ Edited ]

Hi all,


We have joined the 8.3 C-Mode simulator to a domain called A.DOMAIN.NET, additionally there is a LDAP binding for mapping linux accounts with AD accounts. This works perfect for accounts, which are in the same domain (, but unfortunately we have two separate domain forests with trusts between. The main part of the users are in different domains (e.g. in or in the other forest:

23-01-2015 11-56-26.jpg


The mapping from a AD user to the UID works in theory, BUT Cmode cannot list the windows group memberships, so it stops completely:


diag secd authentication show-creds -node node1 -vserver vserver1 -win-name
Vserver: vserver1 (internal ID: 2)

Error: Get user credentials procedure failed
  [     0] Windows user 'EUNET\username1' mapped to UNIX user
  [     0] Determined UNIX id 50665 is UNIX user 'username1'
  [     1] Connecting to LDAP (Active Directory) server
  [     1] Failed to initiate Kerberos authentication. Trying NTLM.
  [    10] Connected to LDAP (Active Directory) service on
  [    10] Using a new connection to
**[    17] FAILURE: Cannot get credentials for SID
**         'S-1-5-21-329046322-854245398-839522115-1235216'. Cannot
**         determine AD domain name for 'EUNET'

Error: command failed: Failed to get user credentials. Reason: "SecD Error: cannot find domain mapping".


On the other hand the mapping of a UID to a Windows AD account is not working, as Cmode is expecting that the user should be in the joined domain A.DOMAIN.NET. Mapping rules are not solving this problem, as the users are in different domains and it would not solve the group membership resolving.


I think it has something to do with the mult-domain / trust setup - any AD/LDAP specialists knows more? Feedback would be much appreciated.


Thanks & regards