Hopefully someone can shed some light on our situation: We are deploying UAG (yes, we will move to WAP down the road; this project was in the pipeline already!) using SSL for client AuthN. The problem is bad PKI directory data and the way the user certificates are cut. Unfortunately, it's not an option to change this. We are using SubjectCN right now, although the SAN field has the RFC822 populated with the email address. But for now we went down the SubjectCN route.

Setup is like this:

SubjectCN = lastname firstname username

So we created the shadow accounts using that format for the CN and UPN attributes on the shadow accounts (CN = lastname firstname username and UPN = lastname firstname username@domain.ib).

When the users try to log into UAG, it pulls the SubjectCN and then queries AD with that value against the sAMAccountName and/or UPN, which, with the spaces, is a no-go, I'm guessing.

But for some users UAG rolls over to use the CSolver:CrackADUserName Solver and changes the user name value to <domain>/lastname firstname username, which seems to work for some users but not all users.

This is driving us nuts!

Thanks!!
- Edited by eightbitzme 16 hours 26 minutes ago