Forum Discussion

ppater_73099's avatar
ppater_73099
Icon for Nimbostratus rankNimbostratus
Sep 24, 2012

APM "drive mappings"

Hi all,

 

When creating a drivemapping is it possible to auto fill in the username/password that it will use by logging to the portal? After setting up an network acces I need to login to Map a Drive.

 

Access Policy ›› Network Access : Network Access List ››

 

 

Something like SSO?

 

Please let me now.

 

Best Regards

 

Patrick Pater

 

  • Did you get this figured out? It is pretty easy in Firepass. I'm not sure why they haven't extended this feature to APM.
  • This is not allowed today. I opened a case with F5 and submitted an RFE... Please open a case and get it attached to the BugId below and we might be able to get this included sooner than later.

     

     

    Bug 366959 - RFE Implement SSO for Network Access Windows Drive Mapping

     

     

    Seth
  • This is supposedly fixed in 11.4, where the APM credentials are used for the drive mapping, as opposed to the Windows credentials.

     

  • I have 11.4 loaded and I don't see an option to configure the SSO drive mapping.

     

    Seth

     

  • I was told that this wasn't an option, but a change in behavior. I haven't had a chance to upgrade/test yet but I'll update the post as soon as I do.

     

  • We're now running 11.4.1 and drive mapping authentication is still failing. This is the only thing keeping us from migrating from Firepass. I guess I'll open another case.

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      please do report back on that, quite interested in the answer.
  • Mates, I have the same issue, drive mapping ca't use the sso chredentials

     

    I tried also something like this:

     

    drive mapping

     

    \nas.company.com

     

    changed to

     

    \{session.logon.last.username}:{session.logon.last.password}@nas.company.com

     

    but no go

     

    Any other feedback ?

     

    Thx, Nicola.

     

  • You could try the following, setup drive mapping via launch application like so:

     

    \10.10.4.77\share %{session.sso.token.last.password} /user:%{session.logon.last.domain}\%{session.logon.last.username}

     

    And ensure you have SSO Credential Mapping element in the policy. This should get your share to mount without inputting the credentials.

     

    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Hi, it works for me. I just added /persistent:no to disconnect the shared drive after reboot
    • Wojciech_Wypior's avatar
      Wojciech_Wypior
      Icon for Nimbostratus rankNimbostratus
      I forgot to mention to use "net use" command, see: http://technet.microsoft.com/en-us/library/gg651155.aspx for syntax, for example: net use v: \\10.10.4.77\share /user:%{session.logon.last.domain}\%{session.logon.last.username} %{session.sso.token.last.password} Note: everything after "net" command is parameter and has to be specified in the parameters box, otherwise Windows will not launch it :) Also if the environment variables are not set for windows\system32 for some reason the path needs to be specified. There is one caveat, the share will stay mapped after VPN is disconnected, so like mentioned by Yann you should add /persistent:no as well. Also its worth noting that when using Edge client, the normal drive mapping works with SSO, as with Edge we would send the APM user credentials. In contrast, web browser will send the Windows client credentials and not APM user logon credentials, hence the SSO will not work.
    • matt_64003's avatar
      matt_64003
      Icon for Cirrus rankCirrus
      Once connected, the user is prompted to allow the command to run for each mapped drive, at which point a command window pops up until that mapping is complete. This is rather painful for the users when you have four to five drive mappings like we do. The other issue is that the drives persist even after Network Access has disconnected. The /persistent:no option only applies when the system is rebooted. We still have thousands of users on Firepass where drive mappings and disconnections happen transparently to the user. It will be difficult to migrate them from Firepass to APM with this kind of APM experience. At the same time, F5 is not supporting Windows 8.1 with Firepass so they've kind of pushed us into a corner. I hope they fix this. I also made a request through our sales team.
  • I have tried all the above but no luck. Finally I found the way. you should use the syntax as follow for win 7 and win10

     

    application name : net

     

    path : use v: \10.10.4.77\share /%{session.sso.token.last.password} user:%{session.logon.last.domain}\%{session.logon.last.username}