Logging in with AD domain specified in the username
This is on a MAG 2600
Currently, our users login to the portal just fine using their domain username. However, I am trying to get Network Connect working at Windows logon so remote users with laptops can authenticate to the domain without using cached credentials. In the particular role that I'm testing, I have the "Launch client during Windows Interactive User Logon" setting enabled as well as "Require client to start when logging into Windows". It seems to almost be working in the sense that it's attempting to initiate the connection, but Windows is supplying the MAG with the domain in the username (as "domainname\username", as expected) and it's rejecting the login.
In the log, I see (edited of course):
AUT23457 2017-03-31 13:48:51 - ive - [user's public ip] domainname\username(Name of Realm) - Login failed using auth server Name of Auth Server (LDAP Server). Reason: Failed
So, as expected, I receive the same error if I try logging into the regular sign-in page in a browser with the username formatted as domain\username. If I remove the domain and leave the bare username, it logs in fine. Is something off in the LDAP setup?
Re: Logging in with AD domain specified in the username
That did it. Setup a test sign-in url, test realm, and auth server using AD server type and it works as intended. Good reason to clean up my roles too. This was setup before I was here back in the Juniper SA days.