Jump to content
Welcome to our new Citrix community!

Netscaler passthrough Storefront UPN not working if samaccountname is different than UPN name


Robby Lambrechts

Recommended Posts

Hello,

 

I've a very weird issue: I've setup  LDAP authentication with netscaler ADC to passthrough to Storefront. I've setup 2 ldap policies 1 with samaccountname, the other with userprincipalname. However only if a user where the samaccountname is different than the userprincipalname then I can't logon externally via netscaler with only the upn and I receive storefront citrix authentication issues with the following:

CitrixAGBasic single sign-on failed because the credentials failed verification with reason: Failed.

The credentials supplied were;

user: user1

domain: domain.local

However the upn what I'm filling in, is this one: user1@domain.com not user1@domain.local (the samaccountname is domain\user1.test. If I try this locally without netscaler then upn works and I can login. I've already tried checking in storefront to fullly delegate credentials to the citrix gateway, but the issue is the same, also adding trusted domains doesn't help either. I'm presuming it's the netscaler adc not passing the domain credentials correctly to the storefront server, or the storefront server is thinking the netscaler is using samaccountname instead of the upn and then the logon fails.

 

It IS correctly working with this situation:

upn: user2@domain.com and samaccountname: domain\user2 then I can logon externally perfectly.

 

I'm really clueless at the moment. Did someone have/had the same problem and solve it? I've already updated to the latest version of Storefront 2203 LSTR CU1, which I thought would resolve the issue, because of an issue with delegation, but it didn't help.

 

Thank you in advance!

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...