
AAA with Kerberos & NTLM - UPN different to AD domain


I'm trying to follow CTX212252, and it works for non-domain-joined machines, which get prompted for credentials and can log in fine (with either UPN or samaccountname).


However, domain-joined machines don't get a prompt (as you'd expect) but get an error message when signing into ShareFile: "You are not allowed to login. Please contact your administrator".


The situation is that our UPN is user@company.com (we have added company.com as an additional UPN suffix), but our AD domain is oldcompany.com.


Looking at aaa.debug, a non-domain-joined user logs in fine, and the log shows user@company.com passes through and auths fine. For domain users, however, the log shows the auth failing, and the username that it's trying to auth is user@oldcompany.com, which is not a valid UPN.


Any ideas on how we can get the NetScaler to work, or alternatively, what changes should we look at via GPO/reg change/whatever?






