Displaying 1 result from an estimated 1 matches for "cc772007".
Did you mean:
cc2007
2015 Aug 31
0
smartcard login - multiple UPN suffixes
...!
I need to allow smartcard authentication of a third party certificate
generated with an UPN that has a suffix that is not my domain name. From AD
literature, it's possible.
I followed these guidelines to make an additional UPN available for login:
https://technet.microsoft.com/en-us/library/cc772007.aspx
But I'm missing something. Kerberos does a part of the job, but then fails
to find the user.
*Kerberos: found MS UPN SAN: marcelo.rabelo-andrade at notmydomain*
*Kerberos: Found matching MS UPN SAN in certificate*
*Kerberos: PKINIT pre-authentication succeeded --
marcelo.rabelo-andrade\@...