Heartbeat Auth waiting on Central Update? Using incorrect Domain config for Access Server

It looks like Heartbeat Auth is not ready yet and may be because Central is going to be updated, not sure?

What is happening is the client periodically delivers an auth to the XG but it fails and when you look at the access_server in debug you see the following:

ERROR Nov 02 11:41:58 [4136631104]: adsauth_handle_attrrequest: domain name 'testglobelinkuk' not found

 

I have seen this line before when auth is presented by RADIUS SSO or L2TP using an AD backend and the logon is presented as "domain\username" and not "username@domain". Currently the access_server is incapable of properly working with "domain\username", and if used it can cause unintended issues in the database with escape ASCII characters; nor can I isolate any Jira fix for it.

Can this be confirmed we are expecting an update in how auth is being delivered by Central Heartbeat?

Emile

  • Hi,

     

    As far as I know, the current Endpoint does not work properly. It is only sending the domain (NetBIOS) instead of the FQDN, so XG will decline the request of User ID.

    You can get this working if you change your authentication server (AD) to NetBIOS only, but this will cause new users.

    There is a new client in Central in the pipeline to fix this. It is not related to XG17.5. Basically V17.5 performs everything correctly. It is a Central EP issue.


  • Hi Lucar,

    That is as I suspected, as the XG is designed to use UPN type logon, when will the client be updated as I will expect that to be a priority because I will not change any existing configuration to Netbios logon due to user duplication. I would have expected either the access_server updated to properly handle both UPN and Netbios or the client to have been updated at the time of this Beta. This is an important feature as the Support case load due to STAS and NTLM issues is high and the Central Auth source will be quite valuable to offset these issues for Sync Sec Customers.

     

    To users:

    Please take note to any that use Netbios only authentication to keep an eye out for escape character user issues. This is where the user authentications with \b, \t etc usernames like "domain\timdoe" may appear in the user list as domaiimdoe and fail future authentications.

    To double check this is happening, log onto the CLI Advanced Shell and run the following commands to read if there are users with ASCII escape characters in your database. This can prevent further importation of groups and other unexpected variables to occur:

    psql -U nobody corporate -c "select username from tbluser where username like '%\n%'"

    psql -U nobody corporate -c "select username from tbluser where username like '%\b%'"

    psql -U nobody corporate -c "select username from tbluser where username like '%\t%'"

    If you get any returns, you should delete those users or stop using Netbios only logon.

    The commands are provided as is and are not designed or intended to infer changes to your system; the commands are run at the user's own risk.

    Emile
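
An added example, not part of the original thread: a Python check for an exported username list that flags entries containing control characters and rebuilds the likely original "domain\username" logon. It goes beyond the three characters queried above to cover the other C-style escapes; the sample usernames are constructed, and treating the mangling as C-style escape interpretation is an assumption of this example.

```python
import re

# Control characters that result when a backslash escape inside
# "domain\username" is interpreted, mapped back to the two typed characters.
# Assumption of this example: the mangling follows C-style escape rules.
ESCAPES = {"\a": r"\a", "\b": r"\b", "\t": r"\t", "\n": r"\n",
           "\v": r"\v", "\f": r"\f", "\r": r"\r"}
LETTER_TO_CONTROL = {text[1]: ctrl for ctrl, text in ESCAPES.items()}
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def interpret_escapes(logon):
    """Simulate the failure mode: backslash + letter becomes one control char."""
    return re.sub(r"\\([abtnvfr])",
                  lambda m: LETTER_TO_CONTROL[m.group(1)], logon)


def restore_logon(stored):
    """Rebuild the likely original logon from a stored, mangled username."""
    return "".join(ESCAPES.get(ch, ch) for ch in stored)


def audit(usernames):
    """Return (printable form, likely original logon) for each affected entry."""
    findings = []
    for name in usernames:
        if CONTROL.search(name):
            printable = name.encode("unicode_escape").decode("ascii")
            findings.append((printable, restore_logon(name)))
    return findings


# Constructed sample data, not taken from any real system.
SAMPLE = [
    "jsmith@example.test",               # UPN logon, unaffected
    interpret_escapes(r"domain\timdoe"),  # \t became a tab
    interpret_escapes(r"domain\bob"),     # \b became a backspace
    interpret_escapes(r"domain\nancy"),   # \n became a newline
    r"domain\smith",                      # \s is not an escape, unaffected
]

if __name__ == "__main__":
    for printable, original in audit(SAMPLE):
        print(f"{printable!s:<20} likely typed as {original}")
```
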
