FortiAuthenticator
matanaskovic
Staff
Article Id 215983
Description

This article describes how to make FortiAuthenticator authenticate remote LDAP users only by their exact username, instead of also accepting username@<any value>.

Scope

FortiAuthenticator 6.4.

Solution

In this scenario, remote LDAP users have been imported into FortiAuthenticator using their sAMAccountName.

Those users can access the NetScaler application by appending any value after their username, for example username@anything.

 

For example, the screenshot shows a remote LDAP user with two-factor authentication receiving an SMS token code after entering an arbitrary value after username@.

 

[Screenshot: NetScaler login as username@<any value>, with the SMS token code still being delivered]

 

In the LDAP server settings under Authentication -> Remote Auth. Servers, the Query Elements are configured correctly, so the LDAP side is not the cause.

[Screenshot: LDAP server Query Elements under Authentication -> Remote Auth. Servers]

 

In the RADIUS policy for the NetScaler, under 'Identity source', the option 'Use default realm when user-provided realm is different from all configured realms' has been disabled.

 

[Screenshot: RADIUS policy Identity source with 'Use default realm when user-provided realm is different from all configured realms' disabled]

 

When this option is enabled, FortiAuthenticator selects the default realm for authentication whenever the realm supplied by the user does not match any configured realm. The unrecognised suffix is therefore ignored, and username@anything is processed as the same user as username, which is why the arbitrary value was accepted. With the option disabled, a realm that matches no configured realm causes the authentication to fail. Before disabling it, confirm that every realm users legitimately type (for example a UPN suffix) is configured on the policy, otherwise those logins will fail as well.

 

After this change, users can no longer authenticate to the NetScaler application with an arbitrary value after username@.

 

Using only the sAMAccountName, users receive the SMS token code and log in to the application as before.
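The following is an added illustration, not FortiAuthenticator code and not part of the original article. It models the realm-selection decision described above so the three cases (no realm, configured realm, unknown realm) can be compared with the option enabled and disabled. The class, function and realm names (RadiusPolicy, resolve_realm, corp.example.com, jdoe) are assumptions chosen for the example.

```python
"""Model of the realm selection FortiAuthenticator applies to a
'username@realm' login, as described in the article.

Added example only: this is not FortiAuthenticator's own code. The policy
fields, the helper names and the sample realms are assumptions used to
show why 'username@<any value>' was accepted while the option
'Use default realm when user-provided realm is different from all
configured realms' was enabled, and rejected once it was disabled."""

from dataclasses import dataclass, field


@dataclass
class RadiusPolicy:
    # Realms configured under the policy's Identity source (assumed values).
    configured_realms: set = field(default_factory=set)
    default_realm: str = ""
    # The checkbox discussed in the article.
    use_default_realm_on_mismatch: bool = False


def split_login(login):
    """Split 'user@realm' into (user, realm); realm is None when absent.

    Only the last '@' is treated as the realm separator, so a local part
    that itself contains '@' is not split in the wrong place."""
    if "@" not in login:
        return login, None
    user, _, realm = login.rpartition("@")
    return user, realm


def resolve_realm(login, policy):
    """Return the (sAMAccountName, realm) pair to authenticate against,
    or None when the login must be rejected because its realm matches
    no configured realm and the fallback option is off."""
    user, realm = split_login(login)
    if realm is None:
        # Bare sAMAccountName: the default realm is used.
        return user, policy.default_realm
    if realm in policy.configured_realms:
        return user, realm
    if policy.use_default_realm_on_mismatch:
        # Unknown realm is replaced by the default realm, so the suffix
        # is effectively ignored and 'user@anything' becomes 'user'.
        return user, policy.default_realm
    return None


def demo():
    """Compare the outcome for three logins before and after disabling
    the option. Returns {login: (result_before, result_after)}."""
    before = RadiusPolicy({"corp.example.com"}, "corp.example.com", True)
    after = RadiusPolicy({"corp.example.com"}, "corp.example.com", False)
    logins = ["jdoe", "jdoe@corp.example.com", "jdoe@whatever"]
    return {
        login: (resolve_realm(login, before), resolve_realm(login, after))
        for login in logins
    }


if __name__ == "__main__":
    for login, (was, now) in demo().items():
        print(f"{login:28s} enabled -> {was}   disabled -> {now}")
```

Running the block shows that jdoe and jdoe@corp.example.com resolve identically in both configurations, while jdoe@whatever is mapped onto the default realm only while the option is enabled and is rejected (None) once it is disabled, which matches the behaviour observed on the NetScaler login.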