Sven_Jacobs1
New Member
September 14, 2013
Question

LDAP Auth changed UPN

  • September 14, 2013
  • 4 replies
  • 7711 views
We are installing an Office 365 hybrid setup to migrate our mailboxes to the cloud. For this we need to change our AD UPN from domain.local to domain.com. After this, users that have a domain.com UPN cannot log in anymore? In the log I get a "no matching policy" error and the user gets a -12 error in the SSL VPN client. I have all the users defined on the Fortinet with a token and password via LDAP to our domain controllers. They are members of an SSL group on the firewall and that group is in the policy.


    Carl_Wallmark
    New Member
    September 15, 2013
    Hi Sven, what does your LDAP filter look like on the FortiGate?
    Sven_Jacobs1
    New Member
    September 15, 2013
    I do not use a filter... here is my config, which seems very basic?

        config user ldap
            edit "SRV-ADS01"
                set server "X.X.X.X"
                set cnid "sAMAccountName"
                set dn "DC=domain,DC=local"
                set type regular
                set username "<USER>"
                set password <PASSWORD>
            next
        end

    If I do a test it seems OK?

        FWBE01 (FWBE) # diagnose test authserver ldap SRV-ADS01 user pass
        authenticate 'user' against 'SRV-ADS01' succeeded!
    Sven_Jacobs1
    New Member
    September 16, 2013
    If I change the Common Name Identifier from "sAMAccountName" to "userPrincipalName" I can log on with user@domain.com.
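    The reply above explains the symptom from the original post: with cnid set to sAMAccountName the FortiGate searches for sAMAccountName=user@domain.com, which matches nothing once people log in with their new UPN, so the user never resolves and no policy matches. The following simulation is an added example written for this page, not Fortinet code. It models the lookup (cnid equality filter under the base DN) and the user-group membership check from the original post against a constructed sample directory; the account entries and the group DN CN=SSLVPN-Users,CN=Users,DC=domain,DC=local are assumptions, and the password bind itself is not modelled. It also shows the caveat of the fix: with cnid=userPrincipalName, a plain sAMAccountName login ("sven") stops working.

```python
"""
Simulated FortiGate-style LDAP user lookup (added example, not Fortinet
code).  Models what the "regular" LDAP server config in the thread does:
search <cnid>=<login> under the base DN, then check the entry's memberOf
against the group DN configured in the FortiGate user group.  All
directory entries below are constructed sample data, not real accounts.
"""

from dataclasses import dataclass

# Constructed sample AD entries (hypothetical accounts).
DIRECTORY = [
    {
        "dn": "CN=Sven,CN=Users,DC=domain,DC=local",
        "sAMAccountName": "sven",
        "userPrincipalName": "sven@domain.com",      # UPN already moved to domain.com
        "memberOf": ["CN=SSLVPN-Users,CN=Users,DC=domain,DC=local"],
    },
    {
        "dn": "CN=Alice,CN=Users,DC=domain,DC=local",
        "sAMAccountName": "alice",
        "userPrincipalName": "alice@domain.local",   # UPN not changed yet
        "memberOf": [],
    },
]

# Assumed DN of the SSL VPN group referenced by the firewall policy.
SSLVPN_GROUP_DN = "CN=SSLVPN-Users,CN=Users,DC=domain,DC=local"


@dataclass
class LdapServer:
    """Subset of 'config user ldap': cnid, base dn, and the directory it fronts."""
    cnid: str        # Common Name Identifier, e.g. sAMAccountName or userPrincipalName
    dn: str          # base DN, e.g. DC=domain,DC=local
    directory: list


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a login name cannot alter the search filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_filter(cnid: str, login: str) -> str:
    """The equality filter the appliance sends for a login attempt."""
    return "(%s=%s)" % (cnid, escape_filter_value(login))


def lookup(server: LdapServer, login: str):
    """Return the single entry under the base DN whose cnid attribute equals login."""
    base = server.dn.lower()
    matches = [
        e for e in server.directory
        if e["dn"].lower().endswith(base)
        and e.get(server.cnid, "").lower() == login.lower()  # AD attributes are case-insensitive
    ]
    return matches[0] if len(matches) == 1 else None


def authenticate(server: LdapServer, login: str, group_dn=None) -> str:
    """
    Outcome of a FortiGate-style lookup plus group match.  group_dn=None models
    'Match Server Group: Any'; a configured DN must appear in the entry's memberOf.
    """
    entry = lookup(server, login)
    if entry is None:
        return "no matching user"   # surfaces as 'no matching policy' / -12 in the thread
    if group_dn is not None:
        member_of = {g.lower() for g in entry["memberOf"]}
        if group_dn.lower() not in member_of:
            return "user not in group"
    return "ok"


if __name__ == "__main__":
    by_sam = LdapServer("sAMAccountName", "DC=domain,DC=local", DIRECTORY)
    by_upn = LdapServer("userPrincipalName", "DC=domain,DC=local", DIRECTORY)
    for srv in (by_sam, by_upn):
        for login in ("sven", "sven@domain.com"):
            print(srv.cnid, login, build_filter(srv.cnid, login),
                  authenticate(srv, login, SSLVPN_GROUP_DN))
```

    Running it prints one line per cnid/login pair: sAMAccountName resolves "sven" but not "sven@domain.com", and userPrincipalName does the reverse, so whichever attribute is chosen as cnid must be the form users actually type at the VPN prompt.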
    Dipen
    New Member
    September 27, 2013
    Hi, how is your user group configuration? Is "Match Server Group" set to Any, or has a specific group been defined?