Clientless webvpn ad-username length?

Hi,

We have a WebVPN portal on an ASA5510 (Software Version 9.0(2)) with LDAP authentication against Microsoft Active Directory.

Our customer created new user accounts in Active Directory with usernames over 21 characters. For example, if the username is "company1.user1.normaluser", Cisco won't allow login, but if we just write "company1.user1.norma", so that it is 20 characters, then we can log in.

Is there a limitation for this, and can we change it so we can log in with the full username?

Regards,

OH

1 REPLY
Answering myself:

A Microsoft Windows NT version 4.0 or earlier logon name is given to all accounts, which by default is set to the first 20 characters of the Windows 2000 logon name. The Windows NT version 4.0 or earlier logon name must be unique throughout a domain.

So when using:

ldap-naming-attribute sAMAccountName == pre-Windows 2000 logon name, limited to 20 characters

ldap-naming-attribute userPrincipalName == username@domain.local, for example

Case closed!
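The naming-attribute behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of why the full name fails against sAMAccountName, plus a check for new logon names that share the same first 20 characters. The directory entries are constructed, the function names are hypothetical, and matching is assumed to be a case-insensitive equality test on the chosen attribute.

```python
from collections import defaultdict

SAM_MAX = 20  # length of the pre-Windows 2000 logon name, as stated in the reply

# Constructed sample accounts (not real data); domain.local is the reply's example.
DIRECTORY = [
    {"userPrincipalName": "company1.user1.normaluser@domain.local",
     "sAMAccountName": "company1.user1.norma"},
    {"userPrincipalName": "jdoe@domain.local", "sAMAccountName": "jdoe"},
]


def default_sam(logon_name):
    """Default pre-Windows 2000 name: the first 20 characters of the logon name."""
    return logon_name[:SAM_MAX]


def lookup(directory, naming_attribute, typed):
    """Entries whose naming attribute equals what the user typed (case-insensitive)."""
    return [e for e in directory if e[naming_attribute].lower() == typed.lower()]


def affected_accounts(directory):
    """Logon names that cannot be typed in full when sAMAccountName is the key."""
    affected = []
    for entry in directory:
        prefix = entry["userPrincipalName"].split("@", 1)[0]
        if not lookup([entry], "sAMAccountName", prefix):
            affected.append(prefix)
    return affected


def truncation_collisions(logon_names):
    """Groups of logon names whose default 20-character names would clash."""
    groups = defaultdict(list)
    for name in logon_names:
        groups[default_sam(name).lower()].append(name)
    return {sam: names for sam, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    full = "company1.user1.normaluser"
    print(lookup(DIRECTORY, "sAMAccountName", full))            # no entry matches
    print(lookup(DIRECTORY, "sAMAccountName", full[:SAM_MAX]))  # 20 characters match
    print(lookup(DIRECTORY, "userPrincipalName", full + "@domain.local"))
    print(affected_accounts(DIRECTORY))
    print(truncation_collisions([full, "company1.user1.normaladmin", "jdoe"]))
```
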
