
MX65 Client VPN with UPN

SOLVED
Conversationalist


Community Members

I have been unable to use UPN (User Principal Name) when entering credentials for Win10 client VPN. The AD connected PCs accept UPN without issue but client VPN requires sAMAccountName.

Basically, client VPN requires this format

Domain\Username

But any other connection to the DC can use the Username@DomainName format.

Has anyone else experienced this and if so were you able to fix it?

Best Regards,

Stach53 

 

1 ACCEPTED SOLUTION

Kind of a big deal

Re: MX65 Client VPN with UPN

When you're doing a direct AD connection from the MX it looks like the domain/username format is the only supported format. 

 

The client config guide indicates that it must be domain/username:

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview#Active_Directory

 

I don't see anything in the main KB doc that indicates otherwise either.

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...

 

Maybe a good question for support if no one here has an answer. I only have one customer using this and they're doing domain/username. 


7 REPLIES 7
Kind of a big deal

Re: MX65 Client VPN with UPN

How are you authenticating users to your client VPN? When I use RADIUS, folks just enter their user name to login. No domain name required.

Conversationalist

Re: MX65 Client VPN with UPN

It is using Active Directory authentication.


Conversationalist

Re: MX65 Client VPN with UPN

UPN will not work with older clients like W98 and prior. Maybe it's for backward compatibility but W98?? Thanks for the input JD. 

Kind of a big deal

Re: MX65 Client VPN with UPN


@Stach53 wrote:

> UPN will not work with older clients like W98 and prior. Maybe it's for backward compatibility but W98?? Thanks for the input JD.


May I humbly suggest that you really should replace anything older than Win8? Changing the W98 machines to Win7 would be better, even though Win7 is going end of support shortly.

 

Edit: Unless I misread and this is MSFT retaining backwards compatibility to Win98. In which case, uh, I absolutely have clients with e.g. domain-joined HVAC controllers that run on Win98 that won't be going away any time soon. What horrors lie in network shadows.

Conversationalist

Re: MX65 Client VPN with UPN

We're all Win10 but being x-manufacturing, I understand the need to retain old OSs. Still wish they would allow both user name types. It doesn't take much to confuse the end users when you have different naming conventions at password time.

Kind of a big deal

Re: MX65 Client VPN with UPN

>We're all Win10 but being x-manufacturing, I understand the need to retain old OSs.

 

I have a manufacturing client still using MS-DOS. The MS-DOS computers are embedded into large one-off custom built factory machines. The cost of changing the manufacturing plant is eye watering. So MS-DOS will be around for a while for them.
