cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

697
Views
0
Helpful
4
Replies
Sohail Muhammad
Beginner

ACS 4.2 - Username format for Wireless User authentication

Hi all,

I am using ACS 4.2 for Wireless users authentications. ACS is integrated with the Active Directory as External Database. What I can observe is, when a user attempts to login using "username", ACS dynamically maps an entry for this user, but if the same user re-attempts with "domain\username", there is another dynamic mapping against the same AD user.

Can I strip off the domain name from the username automatically if the user inputs this, or is there any other way to control this as I want a single mapping for each AD user either he/she logs in using "domain\username" format or "username" format.

I have read about Domain name stripping on LDAP configuration and Domain Qualified names things, but how to apply these in this situation? Or is there any other way?

Looking forward for valuable response.

Regards, Sohail

4 REPLIES 4
minkumar
Beginner

Hi Sohail,

  You can go to ACS 4.2> Network Configuration> Proxy Distribution Table> Edit> Domain Stripping.

Regards

Minakshi (Do rate the helpful posts)

Thank you Minakshi for quick response. Will this strip off the domain name if enter? I hope you got my point that I want to have only one user mapping against each AD user, who attempts to log in using either domain name or without domain name.

Regards, Sohail

minkumar
Beginner

Yes, Sohail. It will certainly remove the domain name.

Regards

Minakshi (Do rate the helpful posts)

Hi Minakshi,

In addition to the stripping the domain name, is there any way that I can restrict the user to put the domain name with username like "domain\username"? Can I create any NAP or NAR in which I can check if the user is sending the username in "domain\username" format and rest can be denied?

Regards, Sohail

Content for Community-Ad