
Clientless webvpn ad-username length?

Hi,

We have a webvpn portal on an ASA5510 (Software Version 9.0(2)) and LDAP authentication with Microsoft Active Directory.

Our customer created new user accounts in Active Directory, which had usernames over 21 characters. For example, if the username is "company1.user1.normaluser", Cisco won't allow login, but if we just write "company1.user1.norma", so it will be 20 characters, then we can log in.

Are there limitations for this, and can we change it so we could log in with the full username?

Regards,

OH


Clientless webvpn ad-username length?

Answering to myself:

A Microsoft Windows NT version 4.0 or earlier logon name is given to all accounts, which by default is set to the first 20 characters of the Windows 2000 logon name. The Windows NT version 4.0 or earlier logon name must be unique throughout a domain.

So when using:

ldap-naming-attribute sAMAccountName == pre win2000 logon name, limited to 20 characters

ldap-naming-attribute userPrincipalName == username@domain.local for example

Case closed!
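
The two settings from the answer above, placed in an ASA `aaa-server` host block as an added example that is not part of the original post. The server group name `LDAP_AD`, the interface `inside`, the address 192.0.2.10, the bind account and the DNs are placeholder assumptions.

```cisco
! Constructed example: group name, interface, address and DNs are placeholders.
aaa-server LDAP_AD protocol ldap
aaa-server LDAP_AD (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=domain,DC=local
 ldap-scope subtree
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=domain,DC=local
 ldap-login-password <bind-password>
 ! Before: the typed name is matched against the pre-Windows 2000 logon name,
 ! which holds 20 characters at most, so "company1.user1.normaluser" never matches.
 ! ldap-naming-attribute sAMAccountName
 ! After: the typed name is matched against the full user@domain.local logon name.
 ldap-naming-attribute userPrincipalName
```

With `userPrincipalName` as the naming attribute, users enter the full `username@domain.local` value at the portal, because the ASA looks up the directory entry whose naming attribute equals the typed username.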