Frequent Contributor II

LDAP filter for Machine+User authentication with same names

We have a group of computers that have the same name as their user. When these users go to connect on any device (all networks are running EAP-TLS), it shows Authentication Failure, Unknown User. When entering the username into the Attribute Filter, it brings up both the user and computer object.

The computer objects still need to be found for the computer certificates to be checked, and users need to be found to do user cert checks.

 

Here is our current filter:

(|(&(objectClass=user)(cn=%{Authentication:Username}))(&(objectClass=user)(sAMAccountName=%{Authentication:Username})))

Outside of renaming the computers to have unique names from users, what options do I have available?

Re: LDAP filter for Machine+User authentication with same names

Shouldn't one of them be

(objectClass=Computer)

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Frequent Contributor II

Re: LDAP filter for Machine+User authentication with same names

We're checking both CN and sAMAccountName due to some odd structures in our AD.

However, all our computer objects are still being checked with this query.

Frequent Contributor II

Re: LDAP filter for Machine+User authentication with same names

After taking a further look into our AD schema, it seems that the computer object class is a child of the user object class.

Has anyone done TLS, with machine and user authentication, where the computer and user names are the same? I'm hoping there is a workaround I can get instead of renaming a lot of computers.
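
Added example (not part of any post in this thread, and not vendor code): a small evaluator for the filter syntax used above, showing why the current filter returns both objects and how a filter keyed on objectCategory separates them. The directory entries, the example.test names and the USER_ONLY / COMPUTER_ONLY filters are constructed assumptions; how the authentication server chooses between two filters is not modelled.

```python
# Added example: evaluates the LDAP filter subset used in this thread (&, |, !, equality).
PLACEHOLDER = "%{Authentication:Username}"

# Constructed sample data. In AD the computer class derives from user, so a
# computer entry lists "user" in objectClass. objectCategory is stored as a
# schema DN; AD accepts the short names used here in search filters.
ENTRIES = [
    {"dn": ["CN=jsmith,OU=Staff,DC=example,DC=test"],
     "cn": ["jsmith"], "samaccountname": ["jsmith"],
     "objectclass": ["top", "person", "organizationalPerson", "user"],
     "objectcategory": ["person"]},
    {"dn": ["CN=jsmith,OU=Workstations,DC=example,DC=test"],
     "cn": ["jsmith"], "samaccountname": ["jsmith$"],
     "objectclass": ["top", "person", "organizationalPerson", "user", "computer"],
     "objectcategory": ["computer"]},
]

CURRENT_FILTER = ("(|(&(objectClass=user)(cn=%{Authentication:Username}))"
                  "(&(objectClass=user)(sAMAccountName=%{Authentication:Username})))")
# Illustrative alternatives (assumptions, not taken from the thread).
NAME = "(|(cn=%{Authentication:Username})(sAMAccountName=%{Authentication:Username}))"
USER_ONLY = "(&(objectCategory=person)(objectClass=user)" + NAME + ")"
COMPUTER_ONLY = "(&(objectCategory=computer)" + NAME + ")"

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    i += 1                                # step past the opening '('
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "=":                    # case-insensitive equality
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def search(template, username):
    tree, _ = parse(template.replace(PLACEHOLDER, username))
    return [e["dn"][0] for e in ENTRIES if matches(tree, e)]
```

`search(CURRENT_FILTER, "jsmith")` returns both DNs, while the two objectCategory-based filters each return exactly one.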
