https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144002#M7112 <P>hi,&nbsp;</P><P>i believe so, but can always get a verification from the customer on this one.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 17 Mar 2022 07:34:04 GMT KM1895 2022-03-17T07:34:04Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/143409#M7110 <P>&nbsp;</P><P>hi,</P><P>I am currently trying to assist a customer with changing login name from SAM to UPN for their remote access environments.</P><P>I have changed the CustomLoginAttr to&nbsp; |(sAMAccountName=&lt;&lt;&gt;&gt;)(UserPrincipalName=&lt;&lt;&gt;&gt;) and changed lookup_type to custom.</P><P>&nbsp;</P><P>We are still getting "unknown user" when they try to log in.</P><P>As they are using access roles, i changed the same settings for all IA settings here as well, but no success.</P><P>I believe something on the firewall is blocking this, as we dont get any hits on the nps server, and tcpdumps show no traffic on port 1812 when they attempt to log in.</P><P>Are there any more settings that needs to be done, in order to get UPN to work?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 10 Mar 2022 10:55:55 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/143409#M7110 KM1895 2022-03-10T10:55:55Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/143413#M7111 <P>Did you make sure auth method under gateway office mode properties is correct?</P> Thu, 10 Mar 2022 12:50:30 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/143413#M7111 the_rock 2022-03-10T12:50:30Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144002#M7112 <P>hi,&nbsp;</P><P>i believe so, but can always get a verification from the customer on this one.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 17 Mar 2022 07:34:04 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144002#M7112 KM1895 2022-03-17T07:34:04Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144003#M7113 <P>hi, again</P><P>&nbsp;</P><P>All the settings for authentication appear to be correct. it is currently set to default on ldap lookup type. If i change it to UPN, it still gives the same result, as in nothing hitting the nps server.</P><P>&nbsp;</P><P>The radius authentication is working for SAM, but when changing to UPN, we dont see anything.</P><P>The users will connect, and the radius traffic is then sent over vpn to another site. But here, we dont see anything when testing, so this is leading me to suspect an issue on the checkpoint, rather than the radius setup. Even if the radius was the issue, we would have still seen the requests come in when doing a tcpdump on the relevant gateways.</P><P>&nbsp;</P><P>Could this be a possible TAC case?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 17 Mar 2022 07:47:13 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144003#M7113 KM1895 2022-03-17T07:47:13Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144004#M7114 <P>I am confused. Do you mean VPN, maybe?</P> Thu, 17 Mar 2022 08:07:05 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144004#M7114 _Val_ 2022-03-17T08:07:05Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144012#M7115 <P>hi, Val</P><P>&nbsp;</P><P>Im slightly confused by this case myself.</P><P>&nbsp;</P><P>As it stands today, users log on to their Remote Access using their SAM, with Azure MFA enabled. This works just fine.</P><P>When switching to UPN, we dont get anywhere. No requests is sent to the radius servers(over site2site vpn). They use MUH, and i have tried changing the settings here as well, but still get the same result.</P><P>&nbsp;</P><P>As for now, i will contact TAC, to see if they can assist further as well, as the customer wants this up and running.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 17 Mar 2022 08:29:31 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144012#M7115 KM1895 2022-03-17T08:29:31Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144064#M7116 <P>Sorry, it seems I originally misread your post.&nbsp;<SPAN>UserPrincipalName authentication should work. </SPAN></P> <P><SPAN>Look into sk110858. It is not your case, but please check the mentioned parameters anyway, specifically<EM>UserLoginAttr.</EM></SPAN></P> <P><SPAN>If it is as ti should be, open a TAC case.</SPAN></P> Thu, 17 Mar 2022 14:38:50 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144064#M7116 _Val_ 2022-03-17T14:38:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144080#M7117 <P>I second what&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/181">@_Val_</a>&nbsp;told you. That sk seems pretty details, so hopefully it helps. If not, then TAC would be your best bet.</P> Thu, 17 Mar 2022 15:53:24 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/144080#M7117 the_rock 2022-03-17T15:53:24Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/165549#M7118 <P>Hi,</P><P>Got solution.?</P> Mon, 19 Dec 2022 09:41:00 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Problems-with-using-UPN-for-remote-access/m-p/165549#M7118 Shira 2022-12-19T09:41:00Z