We have multiple domains that use the following structure:
- parent.com UPN firstname.lastname@example.org LOGON parent\username
- child1.parent.com UPN email@example.com LOGON child1\username
- child2.parent.com UPN firstname.lastname@example.org LOGON child2\username
- child3.parent.com UPN username@various_email_names.com LOGON child3\username
Just to complicate matters the UPN suffix and the logon domain are not the same (it's a historic thing.....)
I am trying to configure the Kemp to publish ActiveSync using Client SSL certificate authentication. We already have this working using a TMG but we need to move to a Kemp based solution.
The TMG solution didn't need to know about the various child domains and was relatively easy to configure. The TMG handles the Client SSL Cert and talks to AD using Kerberos to authenticate the user.
I am struggling to determine how I can replicate this using the Kemp? I have tried following the Kemp Kerberos Constrained Delegation guide but I'm not sure if I need to configure each child domain as a separate SSO domain ?
Any ideas ?