Dear All,
Here is my test result regarding group delimiter:
Settings as follow:
1. Checked "enable group lookup" at System->General->Authentication
Group delimiter "@" selected.
2. Checked "Strip Realm" at Groups-> General setting (group name is testgroup)
3. Set Group-> Ipsec-Authentication to "SDI" so that the user authentication will be done by an external ACE/Server
4. create a user named "testuser" at the ACE/Server.
At VPN Remote Client, I entered the following at each tests:
Test 1 :
Group : "testgroup" , User: "testuser"
Result: No problem on authentication.
Test 2:
Group: "testgroup" , User: "testuser@testgroup"
Result: No problem on authentication
Test 3:
Group: "testgroup" , User: "testuser@whatevergroup"
Result: User can not authenticate
Question:
From Test 1 and Test 2 `s result , a user that is not using an "@" and, a user that is using an "@" delimiter will authenticat just fine. How to force a user to use an "@" delimiter , so that a user that is not using "@" delimiter will be rejected ?
Appreciate for any help
Regards,