000029392 - AM 8.1: how to ignore username's NTLM or "down-level logon name" domain name prefix sent by a radius client or agent

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029392
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Palo Alto / Radius client
Here is how to strip or ignore the domain name for the example COGWELLCOGS\userid.
AM 8.1 Security Console; Settings; Agent Settings.
In the section "Domain Name Mapping"
enter this in the NTLM Name:    COGSWELLCOGS   <- substitute your NTLM domain name here
enter this in the UPN Name:       RSAOMIT

RSAOMIT is a keyword which will suppress only the NTLM Name specified.
If you have more than one DOMAIN to omit, add additional mappings to RSAOMIT
<save> changes
COGWELLCOGS\gjetson will now authenticate as user id gjetson .