Our schools are on their own domain, but we want them to be able to use our helpdesk.  I thought they would just create the ticket using email, but my boss wants them to be able to log into the helpdesk and submit a ticket.  We set up a VPN on their machines, so they can reach our kbox, but how can they log in?  I thought I could manually add users, buy I guess I cannot do that.  Will we have to set them up as users on our Active Directory? 

Any help would be greatly appreciated!


0 Comments   [ + ] Show Comments


Please log in to comment

Community Chosen Answer

You can still use ldap for the core of your users and add those extras manually and assign a role to them.  They just show different in the user screen - missing the (ldap) after the name

Answered 12/01/2015 by: SMal.tmcc
Red Belt

  • But I thought once you turn on LDAP authentication, it won't do local authentication anymore. I did manually add a user but when I tried to log in as that user, authentication failed. Because how would it know to look at the LDAP server or locally. I guess admin is just the exception.
    • You can also create a OU in your AD with no rights to anything in the domain for those guest users. If Policies do not allow that method create virtual domain with one or two DC's and add those guest users to it and also then add the domain to the Kace LDAP.
      • It does seem this is the route to take. Thank you so much for all your help!
      • this also allows help desk to manage those accounts and your password reset to also work since it is a domain. We have 2 physical domains and one virtual domain. The 2 phy are for students and staff, the virtual is for outside accounts from other .edu entities and contractors.
Please log in to comment


You can add user manually to the Kbox without them having to be in the LDAP. LDAP authentication is obviously handier for managing password differences. 
Answered 12/01/2015 by: Druis
Blue Belt

  • Thanks! But I need to use LDAP for the majority of users. Too many to keep up with passwords. Just a few users outside the domain that need to be able to enter tickets. Any other ideas???
    • If there is a trust between domains you can use more than one LDAP query
      • What we have a VPN so that they can get to our network. What I was thinking was they open the VPN into our network. We use a Bomgar session for them to input their credentials for their LDAP authentication. Then with the VPN open, we import the users (and actually delete most of them, only want a few). Then the only time it needs to authenticate is when they would want to enter a ticket. Which they would open the VPN first to even reach our kbox. So at that point, wouldn't the kbox be able to authenticate against their AD? Or does the VPN really only let them into our network? I'm sorry, I am pretty new to all this and maybe am having a hard time understanding. Thanks so much for your help!
      • I have never user Bomgar so I can't comment on that. However if they are authenticating a VPN connection does Bomgar check the credentials against your AD or does it handle it's own Authentication?
      • Bomgar is just a remote control tool that lets both parties share desktops and control. That would just be so that they could type in their own credentials and not have to share them with me. It doesn't have anything to do with the VPN or AD. So ignoring Bomgar altogether, if someone at the school opens the VPN and I have their LDAP server and password set up in kace, could it import their users? And if so, when they want to open a ticket, they would first open the VPN to reach our kbox. But would it allow kace to authenticate against their AD? Thanks so much for taking the time to help me understand all this!
Please log in to comment
Answer this question or Comment on this question for clarity