CaptivePortal Active Directory integration with UserPrincipalName attribute

Mk88_it · November 2024

Hi,

We would like to suggest you to change the AD attribute used by the Nebula Captive Portal Authentication Server integrated with AD to allow the AD users, from SamAccountName (a very old attribute with only 20 characters without domain suffix) to UserPrincipalName, or… at least, allow us to change it.

Thank You

Zyxel_Melen · November 2024

Hi @Mk88_it,

Could you share your current scenario with us?

Mk88_it · November 2024

Yes my pleasure,

We have configured a nebula captive portal using "My AD Server" with "External user Group" for authentication, and everything is working fine for 80% of AD users.

Currently they are using the AD UPN (nome.surname@domain.xxx) to login to their workstations and all the other connected services. In some situations the UPN is different to the SAM , principally because it is limited to 20 characters. In that situations the users can't login trought captive portal using their mail address (AD UPN)

If you want more details, you can contact me via PM

Zyxel_Melen · December 2024

Hi @Mk88_it,

I apologize for the delayed update.

Our product team will monitor this idea post (the comments and votes) to evaluate this idea.

Ratsnackbar · March 28

I would agree with this idea as the UPN has been the single standard unique identifier for a user in Active Directory for years now. It is what Microsoft suggests be used as the uniqe identifer for users barring some unique non-standard requirement.

CaptivePortal Active Directory integration with UserPrincipalName attribute

Active · Last Updated November 2024

Comments

Categories

Nebula Tips & Tricks

Nebula Help Center