By default, when working with a 3rd party RADIUS server, there may be a username mismatch when authenticating through Centrify:
You are using Centrify Multi Factor Authentication and linking to an external RADIUS server
The RADIUS authentication is failing
The external RADIUS server says "username not found"
We send the username in one format (ie email) and the RADIUS server is expecting another format (ie short name).
In 17.3 there is a new RADIUS feature that lets you specify which attribute to send to the 3rd party server.
In the CIS Admin Console, navigate to Settings -> Authentication -> RADIUS Connections -> Servers tab
By default, the Canonical Name attribute is sent to the RADIUS Server. The Canonical Name is constructed as follows:
For AD users it is set to one of the following (in this order):
- userPrincipalName, if that field's format is usable (not empty and doesn't start with "@"), otherwise
- the concatenation of sAMAccountName, a "@", and the AD domain.
For Centrify cloud users it is the contents of the "Name" field.
You can configure the service to send any directory attribute. For many services, you will want to send the AD sAMAccountName attribute. (See below)
You can enter any Active Directory by entering the AD attribute in the Custom field.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.