cancel
Showing results for 
Search instead for 
Did you mean: 

sAMAccountName OR UserPrincipalName Authentication

sAMAccountName OR UserPrincipalName Authentication

zachster47
New Contributor

Good day!

I've inherited a previously-configured wireless setup and I'm trying to enable the option of users authenticating through our NAC with either their UPN (first.last@email) or sAMAccountName (first.last). Currently, authentication will work with only the UPN format. I created a second LDAP Configuration identical to the UPN configuration, except with sAMAccountName in the user search attribute field with fall-through enabled, and added it to the authentication rules below the UPN. This ended up causing authentication with UPN to stop working, while the captive portal started accepting SAM logins, but would hang seemingly indefinitely.

I'm sure I'm missing something obvious, but I'm just stuck scratching my head at this point and couldn't find much documentation on the subject.

zachster47_0-1711050908619.png

 

1 ACCEPTED SOLUTION

Robert_Haynes
Extreme Employee

Please review https://extreme-networks.my.site.com/ExtrArticleDetail?an=000100630.

sAMAccountName is usually username format and not first.last formain. Any username@domain, username or domain\username formatted authentication should work against sAMAccountName.

userPrincipalName is commongly username@domain format only. If the username format does not match the sAMAccountName format (username vs first.last OR euser vs extreme.user@extremenetworks.com) we will likely not be able to support said deployment in this manner.

If you continue to experience issues in this space after playing around with the configuration please consider opening a support case w/ GTAC.

 

View solution in original post

1 REPLY 1

Robert_Haynes
Extreme Employee

Please review https://extreme-networks.my.site.com/ExtrArticleDetail?an=000100630.

sAMAccountName is usually username format and not first.last formain. Any username@domain, username or domain\username formatted authentication should work against sAMAccountName.

userPrincipalName is commongly username@domain format only. If the username format does not match the sAMAccountName format (username vs first.last OR euser vs extreme.user@extremenetworks.com) we will likely not be able to support said deployment in this manner.

If you continue to experience issues in this space after playing around with the configuration please consider opening a support case w/ GTAC.

 

GTM-P2G8KFN