Identity Awareness over VPN - Same user in different Domains

israelsc — Fri, 14 May 2021 15:00:55 GMT

Hello.
I have a case with a customer.

We integrate Active Directory servers by creating LDAP account unit. Domain user authentication is done through a VPN Check Point mobile client.
When a client connects to a domain that is registered with Check Point, everything is normal. Their respective logs are generated in SmartConsole and everything is ok.

The problem arises, there are several users who have a user with the same name in one domain and registered with the same name in another subdomain.
For example:
JonhDoe@domain.com
JonhDoe@subdomain.domain.com

The priority of subdomain.domain.com is set to 1, and the priority of domain.com is set to 5.
When the user enters his username JonhDoe, he manages to access the domain.com that has lower priority, when he should access subdomain.domain.com

Is there a way that the user can choose which domain he wants to connect to from the VPN client?
For example, have the user enter JonhDoe@domain.com or
JonhDoe@subdomain.domain.com and from there it is determined which domain it will access?

We have a SMS and Firewall cluster on R80.30 version
Regards.

Re: Identity Awareness over VPN - Same user in different Domains

PhoneBoy — Mon, 17 May 2021 04:11:33 GMT

What version of client?
What authentication mechanism is being used?
I would think you could specify the full username (user@sub.dom.ain) as part of the authentication process.

topic Re: Identity Awareness over VPN - Same user in different Domains in SASE and Remote Access

Identity Awareness over VPN - Same user in different Domains

Re: Identity Awareness over VPN - Same user in different Domains