In version 1 and 2 of the SNS firmware, multiple Microsoft domains - therefore containing several directories - are not supported. Since the firewall manages a single directory, user groups from different directories cannot be retrieved. Moreover, potential conflicts may arise on accounts if overlapping IDs exist.
For futher information, please refer to the Technical note Stormshield Network SSO Agent - installation and deployment.
Identification by SSO agent may be cancelled on the firewall if the user of the workstation uses a different login on the domain. This second identification is relayed by the domain controller which replaces the initial session. These cases occur especially for the following types of access:
- Logging on to an intranet using the kerberos and/or ntlm method,
- Mounting of shared remote resources (files, printers) via the SMB protocol,
- Connecting to RDP Terminal Services on a remote server.