Role mapping broke when appending domain to username

SOLVED
SF_Dan_
Frequent Contributor


Setup:

SA6500 System Version 7.2R4 (build 21697)

Pulse version 3.0.4.25005

Problem:

The user realm is currently configured to use Identikey for Authentication and LDAP (Active Directory) for Directory/Attribute. I have role mapping based on Active Directory groups. The problem is that when the user appends the domain to their username, role mapping no longer functions.

 

Example:

User name = ABC

Domain = domain.loc

Works - User enters their username ABC and their password+token, and role mapping works fine.

Doesn't work - User enters their username+domain (ABC@domain.loc) and password+token, and Active Directory group role mapping does not work.

 

Logs when working:

[screenshot: works]

As you can see, it authenticates successfully and then moves on to getting directory information. In the screenshot below, when using the username with the domain appended, you will see it stops at "Requesting more sign-in prompts".

Logs when broken:

[screenshot: juniper-broke.JPG]

 

The user will get connected with the last default role, but all other role rules based on Active Directory group memberships do not work. Any help would be appreciated.

Thanks,

Dan


Accepted Solutions
SVK_
Regular Contributor

Re: Role mapping broke when appending domain to username

Hi Dan,

In case you want to use either the sAMAccountName or the userPrincipalName, the filter that you should configure under the LDAP auth server instance, under "Finding user entries", is

(|(userprincipalname=<USER>)(sAMAccountName=<user>))

Refer to the following KB; this should help you:

http://kb.pulsesecure.net/kb16686

Regards,

SVK

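The following is an added example, not code from this thread or from Pulse Secure. It simulates how an LDAP "Finding user entries" filter decides which directory object a sign-in name maps to, and why a sAMAccountName-only filter leaves a user who signs in as ABC@domain.loc with nothing but the default role, while the OR filter from the accepted answer resolves both forms of the name. The directory entries, the role-mapping rules, the <USER> placeholder substitution (assumed case-insensitive) and the role-assignment logic are constructed assumptions for the demo, not the appliance's real implementation. It also escapes the sign-in name per RFC 4515 before substitution, so a name containing filter metacharacters cannot change the filter's structure.

```python
# Added example (not from the thread or from Pulse Secure): simulates the LDAP user
# lookup behind role mapping. Directory entries, role rules and <USER> handling are
# constructed assumptions for this demo.
import re

# Constructed directory sample: two accounts with the attributes AD would return.
DIRECTORY = [
    {"dn": "CN=ABC,OU=Staff,DC=domain,DC=loc",
     "sAMAccountName": "ABC",
     "userPrincipalName": "ABC@domain.loc",
     "memberOf": ["CN=VPN-Admins,OU=Groups,DC=domain,DC=loc"]},
    {"dn": "CN=XYZ,OU=Staff,DC=domain,DC=loc",
     "sAMAccountName": "XYZ",
     "userPrincipalName": "XYZ@domain.loc",
     "memberOf": ["CN=VPN-Users,OU=Groups,DC=domain,DC=loc"]},
]

# Constructed role-mapping rules (group DN -> role) and the fallback role.
ROLE_RULES = {
    "CN=VPN-Admins,OU=Groups,DC=domain,DC=loc": "Admins",
    "CN=VPN-Users,OU=Groups,DC=domain,DC=loc": "Users",
}
DEFAULT_ROLE = "Default"

SAM_ONLY = "(sAMAccountName=<USER>)"                             # the filter from Dan's setup
EITHER = "(|(userprincipalname=<USER>)(sAMAccountName=<USER>))"  # the accepted answer's filter

_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a sign-in name cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, username: str) -> str:
    """Replace the <USER> placeholder (assumed case-insensitive) with the escaped name."""
    return re.sub(r"<user>", lambda _m: escape_filter_value(username), template, flags=re.IGNORECASE)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _parse(s: str, i: int):
    """Recursive-descent parser for the filter subset used here: (attr=value), (|...), (&...)."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "|&":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError("unclosed %s at %d" % (op, i))
        return (op, children), i + 1
    j = s.index(")", i)                      # escaped values contain no literal ')'
    attr, _, value = s[i:j].partition("=")
    return ("=", attr, value), j + 1


def parse_filter(s: str):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing data after filter")
    return node


def _matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter against one entry; attribute names and values compare case-insensitively."""
    if node[0] == "=":
        _, attr, value = node
        actual = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
        if actual is None:
            return False
        wanted = _unescape(value).lower()
        values = actual if isinstance(actual, list) else [actual]
        return any(v.lower() == wanted for v in values)
    op, children = node
    results = (_matches(c, entry) for c in children)
    return any(results) if op == "|" else all(results)


def find_user(template: str, username: str, directory=DIRECTORY):
    """DNs of the entries the rendered filter selects for this sign-in name."""
    node = parse_filter(render_filter(template, username))
    return [e["dn"] for e in directory if _matches(node, e)]


def assigned_roles(template: str, username: str, directory=DIRECTORY):
    """Group rules need exactly one matched entry; otherwise only the default role applies."""
    node = parse_filter(render_filter(template, username))
    matched = [e for e in directory if _matches(node, e)]
    if len(matched) != 1:
        return [DEFAULT_ROLE]
    roles = [ROLE_RULES[g] for g in matched[0]["memberOf"] if g in ROLE_RULES]
    return roles or [DEFAULT_ROLE]


if __name__ == "__main__":
    for template in (SAM_ONLY, EITHER):
        for name in ("ABC", "ABC@domain.loc"):
            print(template, name, find_user(template, name), assigned_roles(template, name))
```

Running the block shows the symptom from the thread: with SAM_ONLY, "ABC@domain.loc" matches no entry, so no group attributes come back and only the default role is assigned; with EITHER, both "ABC" and "ABC@domain.loc" resolve to the same entry and its group-based role. A practical check after changing the filter is that each sign-in form still resolves to exactly one entry, since an ambiguous match would also fall back to the default role here.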

4 REPLIES
SF_Dan_
Frequent Contributor

Re: Role mapping broke when appending domain to username

Thanks, SVK, that worked perfectly!

SF_Dan_
Frequent Contributor

Re: Role mapping broke when appending domain to username

Update:

I may be on to something: in my authentication server I see I am filtering users using sAMAccountName=<USERNAME>. The sAMAccountName attribute does not contain the @domain.loc, so that may be why it is not working. I am still troubleshooting and testing, but still welcome input.

thanks,

Dan

SF_Dan_
Frequent Contributor

Re: Role mapping broke when appending domain to username

The above post is indeed the problem. If I tell it to use userPrincipalName instead of sAMAccountName, it works when appending the domain but then doesn't work when not appending it. This is a problem, as we have some people that append the domain and some that do not.

Are there any other variables or logic you can use in the LDAP user filter?

thanks,

Dan
