Could it be the problem that the users are authenticated via RADIUS Server (Entrust Identity) / External User Profile?
In the pepd.elg I can see only this:
[21381 4057782144]@XXXXXXXX[14 Nov 8:06:25] [TRACKER]: #2721205 -> INCOMING -> IDP_ASSOCIATION ->
Association
ip: XX.XXX.XX.XXX
user: XXXXXXXX@domain
realm: vpn
machine:
domain:
client-type: 3
[21381 4057782144]@XXXXXXXXX[14 Nov 8:06:25] [TRACKER]: #2721206 -> OUTGOING -> IDENTITY_UPDATE -> pep (v4): 127.0.0.1pep (v6): , identity: UpdateInformation dump:
Unique ID : 4faeb2ea
Client type : 3, (Remote Access)
Time to live : 86430, 86400
Client ID : XX.XXX.XX.XXX, 0
Username : XXXXX@domain
Log Username : XXXXX@domain
Log UserDistinguishName:
User domain :
User groups : All Users, VPN-Intranet
Identity Role :
Client Type Array : 3
I would have thought that Identity Awareness would use the Username and then do a lookup via LDAP to fetch the missing user data, so it can match the corresponding Identity Roles.
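An added example, not part of the original post and not Check Point code: a small parser for the "UpdateInformation dump" blocks shown in the pepd.elg excerpt above, listing the sessions whose update carried no Identity Role. The field names come from that excerpt; the gateway name, users and IDs in the sample are constructed placeholders.

```python
import re

# Constructed sample in the shape of the pepd.elg excerpt above (placeholder values).
SAMPLE = """\
[21381 4057782144]@gw-example[14 Nov 8:06:25] [TRACKER]: #1 -> OUTGOING -> IDENTITY_UPDATE -> pep (v4): 127.0.0.1pep (v6): , identity: UpdateInformation dump:
Unique ID : aaaa0001
Client type : 3, (Remote Access)
Username : alice@domain
User domain :
User groups : All Users, VPN-Intranet
Identity Role :
[21381 4057782144]@gw-example[14 Nov 8:07:01] [TRACKER]: #2 -> OUTGOING -> IDENTITY_UPDATE -> pep (v4): 127.0.0.1pep (v6): , identity: UpdateInformation dump:
Unique ID : aaaa0002
Client type : 3, (Remote Access)
Username : bob@domain
User domain : domain
User groups : All Users
Identity Role : VPN-Role
"""

# Start of an outgoing identity update record.
HEADER = re.compile(r"\[TRACKER\]: #(\d+) -> OUTGOING -> IDENTITY_UPDATE")
# "Field name : value" lines of the dump; the value may be empty.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:(.*)$")

def parse_identity_updates(text):
    """Return one dict per IDENTITY_UPDATE dump, keyed by field name."""
    updates, current = [], None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            current = {"tracker": m.group(1)}
            updates.append(current)
            continue
        if line.startswith("["):  # any other tracker record ends the dump
            current = None
            continue
        f = FIELD.match(line)
        if current is not None and f:
            current[f.group(1).strip()] = f.group(2).strip()
    return updates

def sessions_without_role(updates):
    """Usernames whose update carried an empty Identity Role field."""
    return [u.get("Username", "") for u in updates if not u.get("Identity Role")]
```
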