We have an Active Directory forest with 2 domains:
The first one has been configured in our PA2020 to allow VPN access through RADIUS, and then we use AD groups to make policy rules.
All works fine. At login, users specify “username” and password without domain name.
Radius allows access and in PA2020 logs we can see user name: “domain1\username”
We need to add the second domain.
So we did the RADIUS configuration, and then when a user specifies “domain2\username” the VPN login is allowed but the authentication transmitted after RADIUS login is wrong: “domain1\domain2\username”
We use a PA2020 cluster in 3.1.9.
How can we correct this?
Thanks in advance.
Are you using the same Radius server?
It sounds like the RADIUS server is set up with the AD/Domain prefixed, and when you use the second domain it's prefixing the 1st domain to the second domain. Please contact support directly for assistance in setting up your authentication.
(866) 898-9087 or create a new case from your support portal.
Hi, thanks for the answer.
Yes, we use the same twin of RADIUS servers.
Yes, that's exactly what happens. But it's a bug for us: just a little verification on the characters, if the character "\" or "@" is present, do not prefix the username.
A case was opened yesterday by our support.
Just an upgrade to 4.0.3 from 3.1.9 and all works fine.
I think that an issue was fixed without any report in the release notes.
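The check described in the thread (prefix the default domain only when the name contains neither "\" nor "@"), written out as an added example that is not part of the original posts and is not PAN-OS code. The UPN suffix map and the `.example` suffixes are hypothetical; the second function flags double-prefixed names such as the one seen in the logs.

```python
# Added illustration; not PAN-OS code. The suffix map is constructed for this example.
DEFAULT_DOMAIN = "domain1"
UPN_SUFFIX_TO_DOMAIN = {  # hypothetical UPN suffix -> NetBIOS domain mapping
    "domain1.example": "domain1",
    "domain2.example": "domain2",
}


def normalize_username(raw, default_domain=DEFAULT_DOMAIN):
    """Return 'domain\\user'; the default domain is added only to bare names."""
    name = raw.strip()
    if "\\" in name:
        # Down-level form: the user already chose a domain, so never re-prefix.
        domain, _, user = name.partition("\\")
        if not domain or not user or "\\" in user:
            raise ValueError(f"malformed down-level name: {raw!r}")
        return f"{domain.lower()}\\{user.lower()}"
    if "@" in name:
        # UPN form: derive the domain from the suffix instead of prefixing.
        user, _, suffix = name.rpartition("@")
        domain = UPN_SUFFIX_TO_DOMAIN.get(suffix.lower())
        if not user or domain is None:
            raise ValueError(f"unknown UPN suffix: {raw!r}")
        return f"{domain}\\{user.lower()}"
    if not name:
        raise ValueError("empty username")
    # Bare name: the only case where the default domain is applied.
    return f"{default_domain}\\{name.lower()}"


def find_double_prefixed(logged_names):
    """Return logged user names that contain more than one domain separator."""
    return [n for n in logged_names if n.count("\\") > 1]
```
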