explicit proxy - user UPN in AD does not match our domain name and thus LDAP lookup fails

Author
James_G
2019/01/21 04:44:27 (permalink)
I have an issue with explicit proxy authentication with NTLM with LDAP lookup to AD - in summary our user UPN in AD does not match our domain name and thus LDAP lookup fails

Our domain is exampleAD.com
My user is user1@exampleAD.com
My UPN is user1@example.com

If I change my UPN back to user1@exampleAD.com the user authentication in explicit proxy then works, but we have a requirement (Office 365) for our UPN to match our email domain name, thus must remain different to domain user name.

Any ideas what we can do to resolve?
 
Thanks in advance
 
 
The log details if it helps are below - but not sure this is relevant as I know the workaround is to change the UPN.
 
General
    Date: 2019/01/21
    Time: 11:25:51
    Virtual Domain: root
    Log Description: Explicit proxy user group query failed
Source
    IP: 10.10.10.10
    User: user1@exampleAD.com
    Group: N/A
Destination
    IP: 212.58.249.208
    Host Name: www.bbc.co.uk
Action
    Action: NTLM-auth
    Policy: 0
    Status: failure
    Reason: Group information query failed
    Authentication Protocol: HTTP(10.10.10.10)
Security
    Level: (empty)
Event
    Message: User failed in group information query
#1

    baggins
    Re: explicit proxy - user UPN in AD does not match our domain name and thus LDAP lookup fa 2019/01/23 02:02:23 (permalink)
    Hi,
     
    Did you try with group filters under "config user ldap"?
    #2
    James_G
    Re: explicit proxy - user UPN in AD does not match our domain name and thus LDAP lookup fa 2019/01/23 02:34:31 (permalink)
    Anyone looking in the future - I fixed the issue - change domain-name under domain-controller to match your UPN the users have set and all seems to work OK
     
    config user domain-controller
    edit "domain.com"
    set ip-address 10.10.10.10
    set domain-name "domain.com"
    set ldap-server "DC01"
    next
    end
    #3
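    The failure in the original post and the fix in the last reply can be modelled in a few lines. The example below is added to this thread and is not FortiOS code; it assumes (as the log line "User: user1@exampleAD.com" suggests) that the group query builds a userPrincipalName from the NTLM account name plus the domain-name configured under "config user domain-controller". The directory entries are constructed, and the sAMAccountName fallback at the end is a general LDAP point, not something the thread describes.

```python
"""Model of the explicit-proxy group query failing on a UPN suffix mismatch.

Added example, not FortiOS or Fortinet code. Assumption: the FortiGate looks
the NTLM user up as <account>@<domain-name>, where domain-name comes from
'config user domain-controller'. Directory entries below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ADUser:
    sam_account_name: str          # pre-Windows-2000 logon name (NTLM uses this)
    user_principal_name: str       # UPN, suffix may differ from the AD DNS domain
    member_of: List[str] = field(default_factory=list)


# Constructed directory: AD DNS domain is exampleAD.com, but the UPN suffix was
# changed to example.com (the Office 365 requirement from the original post).
DIRECTORY = [
    ADUser("user1", "user1@example.com", ["CN=Proxy-Users,DC=exampleAD,DC=com"]),
    ADUser("user2", "user2@example.com", []),
]


def ldap_search_upn(upn: str) -> List[ADUser]:
    """Stand-in for the LDAP filter (userPrincipalName=<upn>); AD matches case-insensitively."""
    return [u for u in DIRECTORY if u.user_principal_name.lower() == upn.lower()]


def ldap_search_sam(sam: str) -> List[ADUser]:
    """Stand-in for the LDAP filter (sAMAccountName=<sam>)."""
    return [u for u in DIRECTORY if u.sam_account_name.lower() == sam.lower()]


def group_query(ntlm_account: str, configured_domain_name: str) -> Tuple[str, List[str]]:
    """Model of the FortiGate group lookup (assumed behaviour, see docstring above).

    Returns (status, groups). The status strings mirror the log in the thread.
    """
    upn = f"{ntlm_account}@{configured_domain_name}"
    hits = ldap_search_upn(upn)
    if not hits:
        return "failure: Group information query failed", []
    return "success", hits[0].member_of


def group_query_sam_fallback(ntlm_account: str, configured_domain_name: str) -> Tuple[str, List[str]]:
    """Variant that falls back to sAMAccountName when the UPN lookup misses.

    Equivalent LDAP filter: (|(userPrincipalName=<upn>)(sAMAccountName=<account>)).
    sAMAccountName does not carry a suffix, so it is immune to UPN suffix changes.
    This is a general LDAP technique, not a setting discussed in the thread.
    """
    status, groups = group_query(ntlm_account, configured_domain_name)
    if status == "success":
        return status, groups
    hits = ldap_search_sam(ntlm_account)
    if not hits:
        return "failure: Group information query failed", []
    return "success", hits[0].member_of


if __name__ == "__main__":
    # Before the fix: domain-name set to the AD DNS domain, UPN suffix differs.
    print("exampleAD.com:", group_query("user1", "exampleAD.com"))
    # After the fix from the last reply: domain-name set to match the UPN suffix.
    print("example.com:  ", group_query("user1", "example.com"))
    print("sAM fallback: ", group_query_sam_fallback("user1", "exampleAD.com"))
```

    Running it reproduces the thread: with domain-name "exampleAD.com" the UPN built for the lookup is user1@exampleAD.com, which no longer exists in AD once the UPN suffix was changed, so the group query fails exactly as the log shows; with domain-name "example.com" the same account resolves and its groups come back. The fallback variant is there to show why a lookup keyed on sAMAccountName would not have been affected by the UPN change in the first place.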