Enabled MFA with nFactor Authentication, how do I attach two LDAP bindings (sAMAccountName and UPN) in my Authentication vServer?


Rolled out MFA to our Citrix ADC appliance, used for Citrix Gateway. I followed this guide to do it, and everything works great.

The only issue I am running into is that for my LDAP binding, the configuration is set to use sAMAccountName, so if users try to log in using UPN, it fails.

Citrix has a KB on this that says to basically create 2 LDAP bindings, one using sAMAccountName and another one using userPrincipalName attribute. This works great if you are not using AAA, in that you simply bind both LDAP settings to the Citrix Gateway.

If I am using nFactor, how can I configure the authentication policy to use both LDAP profiles?

This is how it's configured right now, and it works for sAMAccountName (this is what the ldaps_auth action is configured to use).

[Screenshot: current configuration]

If I try binding another policy that uses the ldaps_auth_upn action (configured for userPrincipalName), it does not work.

[Screenshot: second policy bound with the ldaps_auth_upn action]

I suspect I am missing something here; it's probably hitting the first policy calling ldaps_auth and failing instead of trying ldaps_auth_upn.

Anyone able to provide some guidance to this? How can I get both sAMAccountName and UPN logins working under nFactor?
