NAC ldap integation - userPricipalName

  • 0
  • 2
  • Problem
  • Updated 5 years ago
  • Solved
We would like to integrate NAC in a Wireless network and want to authenticate users against an Active Directory. The customers users know only their "userPricipalName" (UPN).

If we use the "userPricipalName" as "User Search Attribute" in the LDAP configuration from NAC (version 5.0), we don't get a RADIUS accept. We assume that the NAC is cutting the @<domain> from the UPN. If this is the case there cannot come off a match with the UPN.
Can somebody confirm this behaviour?

And if this is the case, is there a workaround available?

Kind regrads
Christoph


Photo of Christoph

Christoph

  • 1,812 Points 1k badge 2x thumb

Posted 5 years ago

  • 0
  • 2
Photo of Gregory Hayden

Gregory Hayden, Employee

  • 130 Points 100 badge 2x thumb
Official Response
Hello Christoph,

In answer to your original post, you are correct
that NAC always strips off the Domain when doing an LDAP lookup on a
user.  Unfortunately, there is no current means by which to change this
behavior.  This could be put forward as a Feature Request for possible
future functionality; however, I do not have an immediate means by which
to work-around this behavior in an LDAP configuration.  

If you do wish
to raise this as a Feature Request, this can be started with opening a
Services Case by either calling into the GTAC, or via the Case
Management Web Portal.  If you would submit the request in the Services
Case, we can then take it over to a formal Feature Request for possible
future functionality, and will relay it to the appropriate Product
Manager for review.

Best Regards,

Gregory K. Hayden
Technical Support Specialist
Enterasys, now part of Extreme Networks
+1 603-952-6781