How to ignore username's NTLM or "down-level logon name" domain name prefix sent by a radius client or agent in RSA Authentication Manager 8.x
a year ago
Originally Published: 2015-01-13
Article Number
000066590
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Palo Alto / Radius client
Issue
Security Console - Setup - System, Agents, allows conversion of NTLM names to UPN names.
The UPN Keywork RSAOMIT allows stripping off of NTLM names from in front of a UserID, so you are left with a SamAccountName 
Resolution
Here is how to strip or ignore the domain name for the example COGWELLCOGS\userid.
  1. Go to Security Console > Settings > Agent Settings.
  2. In the section Domain Name Mapping, enter the domain name in the NTLM Name (for ex. COGSWELLCOGS).
  3. Enter RSAOMIT in the UPN Name. RSAOMIT is a keyword which will suppress only the NTLM Name specified. If you have more than one DOMAIN to omit, add additional mappings to RSAOMIT.
  4. Click Save to save changes.

COGWELLCOGS\userid will now authenticate as user id userid.
NTLM2UPN_setup
 

Related Articles

Trending Articles

Don't see what you're looking for?