Domain pass-through mystery solved
Okay, I think I finally figured out the problem with domain pass-through getting disabled. When SD+ first starts up, it launches your web browser to the login screen. The problem is that the browser is launched under the local SYSTEM account, which is generally reserved for system services and background processes. This account has no domain privileges, thus domain pass-through fails. Additionally, it appears that attempting to enable domain pass-through while running under SYSTEM does not work. You click the box to enable it, click Save, and the box will not stay checked.
Now, if you close that browser window, open a new one (which will now be running under your logged-in domain account), login, and enable domain pass-through, it will enable properly, and should stay enabled. To test it, close the browser once again, open it back up to your SD+ site, and you should be automatically logged in. And I should add here that I used IE7 under Windows XP to enable domain pass-through this way, and it worked perfectly.
Here's the interesting thing. If you right-click on the SD+ icon in the system tray and click "Start Client", or shutdown and restart the SD+ service, both of which automatically launch the browser under the SYSTEM account, it will attempt (and fail) to authenticate against the domain, and that apparently causes domain pass-through to become disabled again. Basic Active Directory authentication still works properly no matter what.
So, there's the bug, documented and easily reproduced. There are several possible solutions that I can see. One would be to simply fix it so that attempting to login from the local SYSTEM account does not disable domain pass-through. What would be better is to find some way for the automatic browser launch to run under the currently logged-in user instead of the local SYSTEM account (which is a big security risk anyway, since that account has elevated privileges on the local computer), or else just disable the automatic browser launch altogether.
Now, if you close that browser window, open a new one (which will now be running under your logged-in domain account), login, and enable domain pass-through, it will enable properly, and should stay enabled. To test it, close the browser once again, open it back up to your SD+ site, and you should be automatically logged in. And I should add here that I used IE7 under Windows XP to enable domain pass-through this way, and it worked perfectly.
Here's the interesting thing. If you right-click on the SD+ icon in the system tray and click "Start Client", or shutdown and restart the SD+ service, both of which automatically launch the browser under the SYSTEM account, it will attempt (and fail) to authenticate against the domain, and that apparently causes domain pass-through to become disabled again. Basic Active Directory authentication still works properly no matter what.
So, there's the bug, documented and easily reproduced. There are several possible solutions that I can see. One would be to simply fix it so that attempting to login from the local SYSTEM account does not disable domain pass-through. What would be better is to find some way for the automatic browser launch to run under the currently logged-in user instead of the local SYSTEM account (which is a big security risk anyway, since that account has elevated privileges on the local computer), or else just disable the automatic browser launch altogether.