SSO shows email address instead of domain name when user authenticates to an external Exchange server

Description

The SSO Agent recognizes users correctly at first login, but after they authenticate to an external Exchange server, the username is reported as the email address.

After authentication to the external Exchange server, the email address may be retrieved from the DC logs as the Domain Name, so the firewall policies won't be applied correctly.

NetAPI / WMI correctly recognize users with their domain username.

Cause

The DC Log Subscription and DC Log Polling methods will retrieve the wrong username in cases like this.

Resolution

Here's how to solve the issue:

  • Go to your SSO Agent (Directory Services Connector).
  • Configure each of your Domain Controllers to use Server Session for DC instead of DC Log Subscription/DC Log Polling.

  • Delete all active users from the SSO Agent and log all of them out of the SonicWall.

Usernames should now be correct even after authenticating to the Exchange server, and firewall policies will be applied correctly.
