Technical Tip: User registered to wrong domain when member of multiple
Description
This article describes an issue that occurs during user registration. When a user specifies the domain during registration (e.g. user@domain or domain\user) using the Persistent Agent, the user record is associated with the incorrect domain.
This occurs when the user is a member of more than one domain and one or more of the following apply:
- Multiple LDAP servers are integrated with the appliance
- Domain names are not specified in all LDAP servers under System -> Settings -> Authentication -> LDAP.
With PersistentAgent and DirectoryManager debug enabled, messages similar to the following are seen:
/bsc/logs/output.nessus:
yams.PersistentAgent FINER :: 2020-12-03 11:22:33:068 :: Session Notification received: <domain name>\<username> SessionLogon
/bsc/logs/outputmaster:
DirectoryUser::getDirectoryUser() domain = null, user = <username>
For debugging instructions, see the related KB article below.
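The following Python script is an added example, not part of the original article or of FortiNAC: it scans exported copies of the two logs for the messages quoted above and lists users whose agent logon named a domain while the directory lookup ran with domain = null. The function name, the sample lines and the assumption that a lookup with a known domain prints the domain name in place of null are constructed for illustration.

```python
import re

# Patterns mirror the two debug messages quoted in the article.
LOGON_RE = re.compile(
    r"yams\.PersistentAgent .*Session Notification received: "
    r"(?P<domain>[^\\\s]+)\\(?P<user>\S+) SessionLogon"
)
LOOKUP_RE = re.compile(
    r"DirectoryUser::getDirectoryUser\(\) domain = (?P<domain>[^,]+), user = (?P<user>\S+)"
)


def find_domain_loss(agent_lines, directory_lines):
    """Return {user: [domains]} for users whose agent logon carried a domain
    but whose directory lookup was performed with domain = null."""
    supplied = {}
    for line in agent_lines:
        m = LOGON_RE.search(line)
        if m:
            # Usernames are compared case-insensitively (assumption).
            supplied.setdefault(m["user"].lower(), set()).add(m["domain"])

    affected = {}
    for line in directory_lines:
        m = LOOKUP_RE.search(line)
        if not m or m["domain"].strip() != "null":
            continue  # unrelated line, or the domain was passed through
        user = m["user"].lower()
        if user in supplied:
            affected[user] = sorted(supplied[user])
    return affected


# Constructed sample lines, not real appliance output.
SAMPLE_AGENT = [
    r"yams.PersistentAgent FINER :: 2020-12-03 11:22:33:068 :: Session Notification received: CORP\alice SessionLogon",
    r"yams.PersistentAgent FINER :: 2020-12-03 11:25:10:412 :: Session Notification received: LAB\bob SessionLogon",
]
SAMPLE_DIRECTORY = [
    "DirectoryUser::getDirectoryUser() domain = null, user = alice",
    "DirectoryUser::getDirectoryUser() domain = LAB, user = bob",  # assumed non-null form
    "DirectoryUser::getDirectoryUser() domain = null, user = dave",
]

if __name__ == "__main__":
    for user, domains in find_domain_loss(SAMPLE_AGENT, SAMPLE_DIRECTORY).items():
        print(f"{user}: logon supplied domain {domains}, lookup used domain = null")
```

Users reported by the script are candidates for a registration record associated with the wrong domain and should be checked against the intended domain.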
Scope
FortiNAC v8.7 and v8.8.
Solution
To be addressed in a future release.
Related article:
Technical Tip: Gather logs for debugging and troubleshooting