I'm in the process of setting up an Openfire XMPP server for intra-company communication. I have it authenticating against our local DC fine. Our company has two different offices (one in the US, and another in Europe) each with its own domain. Our two systems are fully trusted and connected via a VPN.
What I would like to do is setup Openfire to allow users from either domain to log in to the single primary server. I'd like to keep the group chat feature, so installing a server on each domain isn't really a great option (but it's open if I can't get this working).
I can see all the trusted users in Openfire (It's detecting them for the contact lists), but I can't get them authenticating (They get a Not Authorized. Please Try Again
message).
Any thoughts on how to proceed?
Your best bet is to use the Global Catalog (ports 3268/9). According to MS:
"Because the global catalog is the forestwide location of the membership of all universal groups, access to a global catalog server is a requirement for authentication in a multidomain forest."
http://technet.microsoft.com/en-us/library/how-global-catalog-servers-work(v=ws.10).aspx