CaptivePortal Active Directory integration with UserPrincipalName attribute

Mk88_it
Mk88_it Posts: 58  Ally Member
First Comment Friend Collector Second Anniversary

Hi,

We would like to suggest you to change the AD attribute used by the Nebula Captive Portal Authentication Server integrated with AD to allow the AD users, from SamAccountName (a very old attribute with only 20 characters without domain suffix) to UserPrincipalName, or… at least, allow us to change it.

Thank You

2 votes

Active · Last Updated

Comments

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,074  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    edited November 2024

    Hi @Mk88_it,

    Could you share your current scenario with us?

    Zyxel Melen


  • Mk88_it
    Mk88_it Posts: 58  Ally Member
    First Comment Friend Collector Second Anniversary

    Yes my pleasure,

    We have configured a nebula captive portal using "My AD Server" with "External user Group" for authentication, and everything is working fine for 80% of AD users.

    Currently they are using the AD UPN (nome.surname@domain.xxx) to login to their workstations and all the other connected services. In some situations the UPN is different to the SAM , principally because it is limited to 20 characters. In that situations the users can't login trought captive portal using their mail address (AD UPN)

    If you want more details, you can contact me via PM

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,074  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Mk88_it,

    I apologize for the delayed update.

    Our product team will monitor this idea post (the comments and votes) to evaluate this idea.

    Zyxel Melen


  • Ratsnackbar
    Ratsnackbar Posts: 5  Freshman Member
    First Comment

    I would agree with this idea as the UPN has been the single standard unique identifier for a user in Active Directory for years now. It is what Microsoft suggests be used as the uniqe identifer for users barring some unique non-standard requirement.

Nebula Tips & Tricks