Logging in with AD domain specified in the username

Occasional Contributor

Logging in with AD domain specified in the username

This is on a MAG 2600

Currently, our users log in to the portal just fine using their domain username. However, I am trying to get Network Connect working at Windows logon so remote users with laptops can authenticate to the domain without using cached credentials. In the particular role that I'm testing, I have the "Launch client during Windows Interactive User Logon" setting enabled as well as "Require client to start when logging into Windows". It seems to almost be working in the sense that it's attempting to initiate the connection, but Windows is supplying the MAG with the domain in the username (as "domainname\username", as expected) and it's rejecting the login.

In the log, I see (edited of course):

AUT23457 2017-03-31 13:48:51 - ive - [user's public ip] domainname\username(Name of Realm)[] - Login failed using auth server Name of Auth Server (LDAP Server). Reason: Failed

So, as expected, I receive the same error if I try logging into the regular sign-in page in a browser with the username formatted as domain\username. If I remove the domain and leave the bare username, it logs in fine. Is something off in the LDAP setup?
6 REPLIES
Occasional Contributor

Re: Logging in with AD domain specified in the username

I typo'd the log when editing it. It should say:

AUT23457 2017-03-31 13:48:51 - ive - [user's public ip] domainname\username(Name of Realm)[] - Login failed using auth server Name of Auth Server (LDAP Server). Reason: Failed
Moderator

Re: Logging in with AD domain specified in the username

Nope; you have it configured correctly.
The LDAP server type does not support domain\username format for login.
Occasional Contributor

Re: Logging in with AD domain specified in the username

Yep, guess I learned it the hard way. It's actually Active Directory, so I'm going to just add a new auth server and reconfigure my realm.

Thanks!
Moderator

Re: Logging in with AD domain specified in the username

You are welcome.
As you make that change, be aware that you lose access to attributes in your role mapping rules, resource policies, and bookmarks (if you are using them).
Occasional Contributor

Re: Logging in with AD domain specified in the username

Thanks for the heads up.
Occasional Contributor

Re: Logging in with AD domain specified in the username

That did it. Set up a test sign-in URL, test realm, and auth server using AD server type and it works as intended. Good reason to clean up my roles too. This was set up before I was here back in the Juniper SA days.

Thanks
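
A triage sketch for the failure discussed in this thread, added here as an example and not posted by any participant or taken from the vendor: it parses lines laid out like the AUT23457 entry quoted above and reports failed logins where a `domain\username` name reached an auth server logged as "(LDAP Server)". The sample lines, IP addresses, realm and server names are constructed, and the field layout is assumed from that single quoted line.

```python
import re
from collections import Counter

# Layout assumed from the one log line quoted in the thread:
# <msg-id> <date> <time> - <node> - [<source ip>] <user>(<realm>)[<roles>] - <message>
LINE_RE = re.compile(
    r"^(?P<msg_id>[A-Z]{3}\d+) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<node>\S+) - \[(?P<src>[^\]]*)\] (?P<user>[^()]*)\((?P<realm>[^)]*)\)"
    r"\[(?P<roles>[^\]]*)\] - (?P<msg>.*)$"
)
FAIL_RE = re.compile(
    r"Login failed using auth server (?P<server>.+) \((?P<type>[^()]+)\)\.\s+"
    r"Reason: (?P<reason>.*)$"
)

def ldap_format_failures(lines):
    """Failed logins where a domain\\user name was sent to an LDAP-type auth server."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        f = FAIL_RE.search(m["msg"]) if m else None
        if not f:
            continue  # not a login-failure line in the expected layout
        # The thread's finding: the LDAP server type rejects domain\username.
        if f["type"] == "LDAP Server" and "\\" in m["user"]:
            domain, _, bare = m["user"].partition("\\")
            hits.append({"ts": m["ts"], "src": m["src"], "domain": domain,
                         "user": bare, "realm": m["realm"], "server": f["server"]})
    return hits

def summarize(hits):
    """Count affected logins per (realm, auth server) to show which realm to reconfigure."""
    return Counter((h["realm"], h["server"]) for h in hits)

# Constructed sample lines (documentation IP range, made-up names).
SAMPLE = [
    r"AUT23457 2017-03-31 13:48:51 - ive - [203.0.113.10] CORP\alice(Users)[] - "
    r"Login failed using auth server Corp LDAP (LDAP Server). Reason: Failed",
    r"AUT23457 2017-03-31 13:52:07 - ive - [203.0.113.44] CORP\bob(Users)[] - "
    r"Login failed using auth server Corp LDAP (LDAP Server). Reason: Failed",
    r"AUT23457 2017-03-31 14:01:30 - ive - [203.0.113.10] carol(Users)[] - "
    r"Login failed using auth server Corp LDAP (LDAP Server). Reason: Failed",
    "unrelated line that does not match the layout",
]

if __name__ == "__main__":
    for (realm, server), n in summarize(ldap_format_failures(SAMPLE)).items():
        print(f"{n} domain-qualified login(s) rejected: realm={realm!r} server={server!r}")
```

A bare-username failure such as the third sample line is deliberately not reported, since it points to a different cause than the username format.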