Dear Folks,

I have running a r81.10 environment.

To identify the users, IDA is acitve. As IDA sources the Terminal Server Agent, the IDA agent, the IDA collector and the webportal is used.

As the IDA agent users should have a convenient use, the LDAP account unit is configured with transperet kerberos.

Now, wenn a kown user, how don't has a system with integration in the AD domain, e.g. private laptop, needs to enter his credentials three times in the web portal (the user is redirected to portal due to a redirect rule).
The first time a pop window from browser opens, when entering the credentials successfully, the "normal" IDA webportal open's and asking for the credentials again. Unfortunately, the response is "Your session has expired. Please try again".

After entering the credentials the third time, the user gets in...

The log shows "Failed Log In" with "Client's browser didn't send a Kerberos ticket, please refer to sk104055".

My idea is now, creating a second LDAP account without "transparent kerberos". This unit will then only be used by the IDA webportal.

Can a second LDAP account unit be created for the same AD user population?

Best regards,
Christian