Hi all,
I want to change the default filter query for my AD-source, so that a user can identify using the sAMAccountname OR
userPrincipalName.
I found the following filter on
this blog post that adds the UPN to the filter:
(|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))
Once I apply it, It seems that ClearPass cannot contact the authentication source anymore.. I get the following error when trying to login to ClearPass with a AD-administrator (as a AD-test);
Error Code: |
Failed to contact AuthSource
|
Alerts for this Request:
Tacacs server |
search Failed. Failed to authenticate user=<userX> |
I don't understand why this is happening, is the filter not complete? Once I reset the filter to default
"(&(sAMAccountName=%{Authentication:Username})(objectClass=user))" it works again.
------------------------------
Lex K.
------------------------------