Get users logged without domain authenticate in Exchange (APM)
Hello, i need some help with an Exchange deployment in APM
It has NTLM authentication and Kerberos SSO in a multidomain setup (5 different AD)
All works fine if the users specify the domain in the login, but if they use only the username, the auth fails.
We can force the domain in the user field using a variable
Branch rule: expr { [mcget {session.logon.last.domain} ] eq ""
and the variable assign: expr { [mcget {session.logon.last.domain} ] eq "domain"
This looks fine in the APM debug, but the exchange client fails, returnig an error in domain/user/pass
Sep 9 16:21:19 slot3/AXF5BLCWEBPUB2 info apmd[5236]: 01490007:6: /Common/AP-EXCHANGE-PRE_2013.app/exch:Common:bed1a199: Session variable 'session.policy.result' set to 'allow'
The only difference we can see is in the uui log, as far as i know it shoudl not be a problem at all.
KO:
Sep 9 16:25:20 slot3/AXF5BLCWEBPUB2 info apmd[5236]: 01490007:6: /Common/AP-EXCHANGE-PRE_2013.app/exch:Common:1c242e8d: Session variable 'session.assigned.uuid' set to 'tmm.uuid.miguelllo.f391eedee46ff11ea7c6aeab1cd73fc7'
OK:
Sep 9 16:21:19 slot3/AXF5BLCWEBPUB2 info apmd[5236]: 01490007:6: /Common/AP-EXCHANGE-PRE_2013.app/exch:Common:bed1a199: Session variable 'session.assigned.uuid' set to 'tmm.uuid.domain\miguelllo.8eb47aecda6bd16c1bc66f4f94d3bb52'
All other variables seem the same with both methods. We suspect an internal problem with the SSO, but for some reason we can't see any log activating the debug for the access policy.
Any idea to get users entered without domain working?
Thanks in advance