Martijn
Advisor

Strip domain part from username in Endpoint Connect

Hello

One of our customers uses AD authentication when using remote access with Endpoint Connect. In the Endpoint Connect client, we are entering this AD username and password and this is working fine. The username is in the format: username.

But now, a second authentication step is needed with RADIUS and the RADIUS server requires the username to be in the pre-Windows 2000 format. So domain\username. We have configured the New Login Options feature within SmartConsole.

In this new setup, AD authentication works fine because the gateways recognize the user by the entered username. But the second authentication step fails because the RADIUS server expects domain\username but just receives username.

If we enter domain\username in the Endpoint Connect client, we get an unknown user right away.

Can we strip the domain part of the username entered in Endpoint Connect so Check Point recognizes the user, but send the complete name (including the domain) to the RADIUS server? Has anyone ever done this before?

Thanks for any help.

Regards,
Martijn

0 Kudos
2 Replies
Chris_Atkinson
Employee

Out of interest, what is the RADIUS server, is it NPS or something else?

A lot of RADIUS servers support the concept of domain / realm stripping or normalisation for these types of scenarios.

CCSM R77/R80/ELITE
0 Kudos
Martijn
Advisor

Chris,

Customer uses Safenet. 

I also believe customer has several AD domains and several LDAP Account Unit objects and users are unique.
Maybe Safenet needs the domain part to search the correct domain.

Regards,
Martijn

0 Kudos
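
The domain / realm stripping and normalisation discussed in this thread, as an added example that is not part of the original posts and is not Check Point, SafeNet or NPS code. It parses the three login forms (bare username, domain\username, user@realm) and emits either the stripped name or the pre-Windows 2000 form. The function names, the realm-to-NetBIOS mapping, the allowed character set and the lower-casing of usernames are all assumptions made for illustration.

```python
import re

# Constructed mapping (assumption): UPN suffix -> NetBIOS (pre-Windows 2000) domain.
REALM_TO_NETBIOS = {"corp.example.com": "CORP", "emea.example.com": "EMEA"}
# Assumed allowed characters; rejects separators smuggled into a name component.
_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def parse_login(raw):
    """Split a login into (domain, user); domain is None for a bare username."""
    raw = raw.strip()
    if "\\" in raw and "@" in raw:
        raise ValueError("mixed domain\\user and user@realm syntax")
    if "\\" in raw:
        domain, _, user = raw.partition("\\")
    elif "@" in raw:
        user, _, realm = raw.rpartition("@")
        domain = REALM_TO_NETBIOS.get(realm.lower())
        if domain is None:
            raise ValueError("unknown realm")
    else:
        domain, user = None, raw
    parts = (user,) if domain is None else (domain, user)
    for part in parts:
        if not _NAME.match(part):
            raise ValueError("empty or malformed name component")
    return (domain.upper() if domain else None), user.lower()


def stripped(raw):
    """Realm-stripped form: the bare username only."""
    return parse_login(raw)[1]


def down_level(raw, default_domain=None):
    """Pre-Windows 2000 form domain\\username.

    With several AD domains a bare name cannot be mapped to one domain,
    so it is rejected unless the caller supplies a default domain.
    """
    domain, user = parse_login(raw)
    domain = domain or default_domain
    if domain is None:
        raise ValueError("bare username is ambiguous without a default domain")
    return f"{domain.upper()}\\{user}"
```
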
