HPE Community
Security e-Series
1832307 Members
2092 Online
110041 Solutions
New Discussion

Authenticating MFPs against Active Directory - Having problems.

 
MGardiner
Occasional Visitor

‎07-14-2014 01:45 PM

‎07-14-2014 01:45 PM

Authenticating MFPs against Active Directory - Having problems.

I have been scavenging for answers for a while on this, and am generating this question because I haven't found anything that works.

 

I am looking to set up an assortment of MFPs, running a mixture of older firmware and FutureSmart firmware, and I am having problems.

 

I am in a Windows domain enviroment, and my goal should be simple.  I need to set up a number of MFPs to autheiticate against Active directory, using the domain User ID and password.

 

While I would have thought this to be simple, it is proving anything but.

 

I am using LDAP autheitication for this task.

 

It appears that the MFPs insist on building a Distinguished Name.  They do this by taking the supplied ID and building it into the leading CN element of a DN string.  The problem is that over the years, various iterations of Windows have changed the defaults in creating users.  We have a mix of IDs where the CN is the samne as the User ID, and others where the CN is the same as the display name.  The result is that the DN of any given ID uses one element or the other depending on the age of the account. What I really want to accomplish is to have the entered credentials matched against the sAMAccountName, have the Display Name and e-mail retreived, and used as appropriate for the function in use at the time.

 

The best I have managed so far is to use CN as the Bind prefix on the User credentials, which works if the CN is the same as the sAMAccountName. These IDs can authenticate, others cannot. Even when the long form of the name name is given as indicated in the DN field of the AD record, the authentication fails.

 

Mass editing of the AD records is not really practiical.  I would be interested in suggestions as to how the User ID can be made to work across both old and new entries.

 

Thanks for any ideas.

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.