When my customer Joe comes to his office and uses his intranet desktop, he logs into Active Directory by typing "group\joe" in the username field of his Windows XP machine login window.
But actually, "group" is an alias of the real FQDN "group.emea.mycorp". I am not a Windows expert, but somehow his XP operating system manages to append the DNS "emea.mycorp" string before sending user credentials to the AD domain controller for validation.
Now that his company is deploying the SA6500 appliance, he wants to replicate the same experience when reaching the company from the Internet through the appliance. When prompted for the username by the Juniper SA, he wants to type "group\joe" and be validated by the AD controller.
I found that if he types "group.emea.mycorp\joe", the SA appliance receives a successful answer from the AD controller, but if he types "group\joe", then the transaction fails. For the time being, his group is typing the entire FQDN to work around this problem, but they consider this annoying.
Is there a chance to tailor the SA configuration to ask the appliance to append a string to the username before sending the userid to the AD controller?
Thank you very much in advance
Rogelio Alvez
Argentina
You can use either the domain\username option, which does not bind the PC to the domain, or you can use the LDAP server type and use userPrincipalName.
What is the type of authentication server configured on the SA?
Is it AD or LDAP?
If it is an AD auth server configuration in the SA, enable "Allow domain to be specified as part of username".