I'm testing LDAP authentication on our ASA and it is working well. A problem I am experiencing though is that we have some users who log in as 'DOMAIN\user' and '[email protected]'. LDAP authentication doesn't appear to support this. I'm able to log in as 'user' just fine, but 'DOMAIN\user' and '[email protected]' do not work. I've enabled the options to strip the realm and group before sending to the AAA server, but it doesn't make a difference. Using '[email protected]' and 'DOMAIN\user' works fine when authenticating using RADIUS via IAS.
Does anyone know if there is a way to support 'DOMAIN\user' and '[email protected]' authentication while using LDAP authentication? Is there a way to just strip this information before sending it to LDAP?