LDAP/keberos for proxy auth - multiple domains

The problematic scenario here is: If there is no trust relationship between both ADs, it will not work, as SFOS (like UTM) can only be joined to one AD realm. You have to build a trust relationship for AD sso. 
If you want to use another authentication, like Sophos Heartbeat User ID, or STAS, this works fine with multiple AD server. 
Just the AD SSO component will not work, as the authentication daemon used in SFOS not be able to join Independent AD realms. 

The problematic scenario here is: If there is no trust relationship between both ADs, it will not work, as SFOS (like UTM) can only be joined to one AD realm. You have to build a trust relationship for AD sso. 
If you want to use another authentication, like Sophos Heartbeat User ID, or STAS, this works fine with multiple AD server. 
Just the AD SSO component will not work, as the authentication daemon used in SFOS not be able to join Independent AD realms. 

Ahh that makes sense thanks LuCar Toni, we are in the process of adding the domain trust relationship so looks like I'll have to sit tight for that to be completed.

Really appreciate the response, thank you.

AD SSO is only supported to a single server.  That server then needs to have the appropriate trust relationship to be allowed to authenticate against multiple domains.  Kerberos has some other complex requirements that may or may not be met (Service Principal Name) however NTLM should work.

Captive Portal will work against multiple servers and I believe STAS does as well.