search for: cc772007

...! I need to allow smartcard authentication of a third party certificate generated with an UPN that has a suffix that is not my domain name. From AD literature, it's possible. I followed these guidelines to make an additional UPN available for login: https://technet.microsoft.com/en-us/library/cc772007.aspx But I'm missing something. Kerberos does a part of the job, but then fails to find the user. *Kerberos: found MS UPN SAN: marcelo.rabelo-andrade at notmydomain* *Kerberos: Found matching MS UPN SAN in certificate* *Kerberos: PKINIT pre-authentication succeeded -- marcelo.rabelo-andrade\@...