Active Directory UPN Suffixes

Hello,

I have had a problem with duplicated users due to the use of a UPN suffix in Active Directory. The domain was created using a “.local” domain name. However, a UPN suffix was configured to allow the use of a public domain.

This has meant having 2 users in the firewall for every person:

- One internal domain account so SSLVPN works.

- One public domain account, so things like Exchange work through the WAF.

Things that I have tried to fix this (to get rid of the “.local” domain accounts):

- Change the “domain name” setting of the configured servers that connect with AD. This didn’t work. After the change, users started being created with the public domain name, but as soon as I removed the internal domain accounts, SSLVPN stopped working (errors of failed connection to AD were logged in the Authentication log). Interestingly enough, WAF didn’t have issues with authentication.

- Keeping the “.local” domain. This would make SSLVPN work, but not WAF connections (unless clients connecting from outside get configured using “.local” domain accounts, which is not ideal).

Is there an official way to handle UPN suffixes?

Thanks!
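The duplication described in the post comes from keying user records on the raw login string, so `user@corp.local` (the domain's DNS name) and `user@example.com` (the alternative UPN suffix) look like two people. The following is an added example, not code from this thread or from Sophos, showing how an identity store can instead resolve every login form (bare sAMAccountName, `DOMAIN\user`, implicit UPN `sam@dnsdomain`, explicit UPN with any registered suffix) to the single directory object behind it. The domain names, UPN suffixes, user records and login samples are all constructed for the example.

```python
"""Resolve every login form of one AD user to a single directory identity.

Added example, not code from the thread or from Sophos. A firewall that keys
its user records on the raw login string sees the same person twice, once as
user@corp.local (the domain's DNS name) and once as user@example.com (the
alternative UPN suffix). Keying on the directory object instead (here the
objectSid, found via sAMAccountName or the explicit UPN) collapses both forms
into one record. Domain names, suffixes and user records are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

DNS_DOMAIN = "corp.local"                      # domain DNS name (constructed)
NETBIOS_NAME = "CORP"                          # pre-Windows 2000 name (constructed)
UPN_SUFFIXES = {"corp.local", "example.com"}   # forest UPN suffixes (constructed)


@dataclass(frozen=True)
class AdUser:
    sam_account_name: str
    user_principal_name: str
    object_sid: str


# Constructed directory export: one object per person, whichever suffix they use.
DIRECTORY = [
    AdUser("jdoe", "jdoe@example.com", "S-1-5-21-1111-2222-3333-1001"),
    AdUser("asmith", "asmith@corp.local", "S-1-5-21-1111-2222-3333-1002"),
    AdUser("bwong", "b.wong@example.com", "S-1-5-21-1111-2222-3333-1003"),
]
BY_SAM = {u.sam_account_name.lower(): u for u in DIRECTORY}
BY_UPN = {u.user_principal_name.lower(): u for u in DIRECTORY}


def parse_login(login: str) -> tuple[str, str | None]:
    """Split a login into (name, upn_suffix).

    Accepts "user@suffix", "DOMAIN\\user" and a bare sAMAccountName. The suffix
    is None for the last two forms; a DOMAIN prefix that is not this domain's
    NetBIOS name is rejected.
    """
    login = login.strip()
    if "@" in login:
        name, _, suffix = login.rpartition("@")
        return name, suffix.lower()
    domain, sep, name = login.rpartition("\\")
    if sep and domain.upper() != NETBIOS_NAME:
        raise ValueError(f"unknown NetBIOS domain {domain!r}")
    return name, None


def resolve(login: str) -> AdUser | None:
    """Return the directory object behind a login string, or None."""
    try:
        name, suffix = parse_login(login)
    except ValueError:
        return None
    if suffix is None:                       # sAMAccountName or DOMAIN\user
        return BY_SAM.get(name.lower())
    if suffix not in UPN_SUFFIXES:           # not a suffix this forest owns
        return None
    # Explicit UPN first: its prefix may differ from the sAMAccountName.
    user = BY_UPN.get(f"{name}@{suffix}".lower())
    if user is None and suffix == DNS_DOMAIN:
        # Implicit UPN form sAMAccountName@<DNS name>, valid only for the DNS name.
        user = BY_SAM.get(name.lower())
    return user


def group_logins_by_identity(logins: list[str]) -> dict[str, set[str]]:
    """Group login strings (e.g. from firewall authentication logs) by objectSid.

    Unresolvable logins are collected under the key "UNRESOLVED" so they can be
    reviewed rather than silently dropped.
    """
    groups: dict[str, set[str]] = {}
    for login in logins:
        user = resolve(login)
        key = user.object_sid if user else "UNRESOLVED"
        groups.setdefault(key, set()).add(login)
    return groups


if __name__ == "__main__":
    # Constructed sample of logins a firewall might have recorded for a few people.
    seen = ["jdoe@corp.local", "jdoe@example.com", "CORP\\jdoe",
            "bwong@corp.local", "b.wong@example.com", "asmith", "jdoe@other.example"]
    for sid, forms in group_logins_by_identity(seen).items():
        print(sid, sorted(forms))
```

Running the block groups `jdoe@corp.local`, `jdoe@example.com` and `CORP\jdoe` under one SID, and likewise `bwong@corp.local` with `b.wong@example.com`, while `jdoe@other.example` lands under `UNRESOLVED`. The same grouping, run over a firewall's user list or authentication log, is a quick way to measure how many of its records are duplicates of one directory object before consolidating them.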

  • You could simply delete the current AD Server and only work with the .public top level domain AD server. This would create only the public UPNs. 