Forum Discussion
Stanislas_Piro2
Jun 22, 2015Cumulonimbus
Are you sure external logon page POST is working? Did you change "Max Logon Attempts Allowed" to 1 to go through fallback if the user does not exist in the first AD? What is the format of username?
- username (SAMAccountName)
- Domain\user
- username@fqdndomain (userprincipalname)
if provided username is not SAMAccountName, the better way is to define branches in the external logon page with expression like:
expr { [mcget {session.logon.username}] ends_with "@domain1.local" || [mcget {session.logon.username}] ends_with "domain1\\"}
and authenticate on the right AD.