This Topic is a a follow up to
Although, I hopefully configured everything as advised and discussed in above thread,
Machine + User authentication fails. (Machine auth ONLY works fine, now!)
Below is a screenshot of the EvaluationTool result:
I don´t see the mistake….
Best answer by SDR
today customer tested the solution/correction and it worked.
Below my solution/explanation:
In an earlier mentioned documentation (https://extremeportal.force.com/ExtrArticleDetail?an=000080814) I primarily followed it was advised to use “cn” as Host Search Attibute (within the LDAP-configuration of “Domain users”
At least in my environment, this did not work (as shown in above screenshots). The solution was to use “dNSHostName” as Host Search Attibute (which is the default).
Changing this, the configuration worked. Machine AND User-Authentication are passed successfull.
Unfortunately, this solution is already described in https://extremeportal.force.com/ExtrArticleDetail?an=000082479 which I found during my troubleshooting.
In addition to this modification of the solution, I changed the advised order of the Rules.
- Authenticate and authorise a machine
- Authenticate and authorise a machine as a valid domain computer with a valid domain user logged in
- Deny a valid user who is on a non-domain (BYOD) computer
In my environment, Rule “2” never will be verified, after a Machine was successfully authenticated.
So, no user-authentication will ever happen.
For that reason, I switched the order of rule 1 and 2 and afterwards, all variations could be verified and authenticated.
Thanks all for your assistance.