Access from different domain

Post Reply
Loki419
Posts: 9
Joined: Sat Dec 10, 2016 10:32 pm
OLAP Product: TM1
Version: 10.2
Excel Version: 2007

Access from different domain

Post by Loki419 » Thu Feb 08, 2018 1:52 pm

Hi Guys

I have a question I have seen addressed in part here on and the web but I am obviously missing something (networking neophyte).

Background: I work for a Company with Domain = ABCD. We sell off part of the company but the sold segment still require access while in transition. The sold segment is on Domain XYZ. Our IT have given them the ability to VPN in and they do have access to shared drives on ABCD. Although they can see the TM1 system in Perspectives, when attempting to login they get the error message “Server principal name (SPN) or the security context of the destination server could not be established”.

I have confirmed they can successfully ping the actual IP where the TM1 server resides.

Located a technote suggesting use of ServerPrincipalName = domain name in TM1s.cfg.
When they login via VPN they are still using the creds they had pre spinoff and the unique name in the client control cube is User@ABCD.

Questions:
Syntax – I have seen this two ways 1) ServerPrincipalName =TM1_Server\Domain and 2) ServerPrincipalName =TM1_Server/Domain. Which is correct?
Do I use ServerPrincipalName in place of ServerName or should cfg contain both?

Additional information –
Large user base still in original company. Need ability for both pre and post spinoff users to access system.
The TM1 server on the ABCD domain is a VM.
I have tried IPAddress="10.17.54.12", IPAddress=10.17.54.12 and IPAddress=T to no avail

Any suggestions are very much appreciated

Thanks
Loki

User avatar
gtonkin
MVP
Posts: 591
Joined: Thu May 06, 2010 3:03 pm
OLAP Product: TM1
Version: PAL 2.0.1
Excel Version: 2016 64-bit
Location: JHB, South Africa
Contact:

Re: Access from different domain

Post by gtonkin » Thu Feb 08, 2018 6:20 pm

Hi Loki,
Have a look here - I remember going through a similar process trying to get integrated login with TM1 Web working - points 1 through 6 are probably relevant. I now use a field in the }ClientProperties to enter the Domain and then use a rule for the unique id - there should also be a post containing more detail - don't have much time right now to help further.
HTH.

Post Reply