
Clientless webvpn ad-username length?

ohenttonen

Hi,

We have a webvpn portal on an ASA5510 (Software Version 9.0(2)) with LDAP authentication against Microsoft Active Directory.

Our customer created new user accounts in Active Directory which had usernames over 21 characters. For example, if the username is "company1.user1.normaluser", Cisco won't allow login, but if we just write "company1.user1.norma", so it is 20 characters, then we can log in.

Is there a limitation for this, and can we change it so we can log in with the full username?

Regards,

OH


ohenttonen

Answering myself:

A Microsoft Windows NT version 4.0 or earlier logon name is given to all accounts, which by default is set to the first 20 characters of the Windows 2000 logon name. The Windows NT version 4.0 or earlier logon name must be unique throughout a domain.

So when using:

ldap-naming-attribute sAMAccountName == pre-Win2000 logon name, limited to 20 characters

ldap-naming-attribute userPrincipalName == username@domain.local for example

Case closed!
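
An added example, not part of the original thread: a Python check that lists which logon names exceed the 20-character pre-Windows 2000 limit described above and which would share a name after truncation. It assumes the default truncation the reply describes and that the logon name is the part of userPrincipalName before the @; the sample users other than the one quoted in the question are constructed.

```python
"""Audit AD logon names against the 20-character sAMAccountName limit."""

SAM_MAX = 20  # pre-Windows 2000 logon name limit described in the reply above


def default_sam(logon_name: str) -> str:
    """Default pre-Windows 2000 name: the first 20 characters of the logon name."""
    return logon_name[:SAM_MAX]


def audit(upns):
    """Return (truncated, collisions) for a list of userPrincipalName values.

    truncated:  {full logon name: sAMAccountName the user must type instead}
    collisions: {sAMAccountName: [logon names that would share it]}
    """
    truncated = {}
    by_sam = {}
    for upn in upns:
        logon = upn.split("@", 1)[0]  # assumption: logon name is the UPN prefix
        sam = default_sam(logon)
        if sam != logon:
            truncated[logon] = sam
        # sAMAccountName comparison is case-insensitive, so key on lowercase
        by_sam.setdefault(sam.lower(), []).append(logon)
    collisions = {s: names for s, names in by_sam.items() if len(names) > 1}
    return truncated, collisions


# Constructed sample data: only the first logon name comes from the question.
SAMPLE_UPNS = [
    "company1.user1.normaluser@domain.local",
    "company1.user1.normaladmin@domain.local",
    "short.user@domain.local",
]

if __name__ == "__main__":
    truncated, collisions = audit(SAMPLE_UPNS)
    for logon, sam in truncated.items():
        print(f"{logon!r} ({len(logon)} chars) -> sAMAccountName {sam!r}")
    for sam, names in collisions.items():
        print(f"not unique after truncation: {sam!r} <- {names}")
```

Accounts reported as truncated are the ones whose users cannot log in with their full name while the ASA matches on sAMAccountName.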
