User Mapping Policy not being applied to LDAP user

I have set up user access to SPS using LDAP, which works. I can sign in to the SPS web portal as an LDAP user OK.

Then I created a user mapping policy which maps any local user name on a test server to an LDAP group, which my LDAP user is a member of.

My RDP connection to the test server is using the user mapping policy.

When I RDP onto the test server via the SPS web interface, my test account credentials are recognised, but if I sign in to the SPS portal as that user, I can see the gateway authentication user for the connection, but no user or remote user name is shown. The RDP connection displays a blank screen.

If I remove my user mapping policy from the RDP connection, I can connect to the test server OK. What am I doing wrong? I want to use user mapping so my test user can sign on to the server as the local administrator.

Thanks!

  • Hi

    I have seen in the security logs on the target server that the user is failing to log in, but the domain account name NEL is being appended to the user name, which we don't need because the target server is not in this domain.

    How can we force the RDP connection to use the local user Robert on the SPS?

    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 5/02/2021 2:56:41 PM
    Event ID: 4625
    Task Category: Logon
    Level: Information
    Keywords: Audit Failure
    User: N/A
    Computer: johnny5
    Description:
    An account failed to log on.

    Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

    Logon Type: 3

    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: Robert
    Account Domain: NEL

    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC0000064

    Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -

    Network Information:
    Workstation Name: DESKTOP-JPE2C8O
    Source Network Address: 192.168.90.236
    Source Port: 0

    Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0


    </Event>
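The 4625 event quoted in the reply above is the evidence that decides this thread: the Sub Status field says what the target actually concluded about the account, and the Account Domain field shows the domain name the client (here, SPS acting as RDP client) sent with the user name. The following Python script is an added example, not code from the original post or from One Identity: it parses an event in the text form Event Viewer produces, keeps the repeated "Account Name" / "Account Domain" keys apart by section, decodes the Sub Status, and reports whether the domain sent matches the target computer's own name. The event text is constructed from the fields quoted above, and the status table is a small hypothetical subset of the NTSTATUS values that appear in that field.

```python
"""Triage Windows event 4625 (logon failure) from its Event Viewer text form.

Added example, not code from the original post or from One Identity. The event
text is constructed from the fields quoted in the thread; the status table is
a small hypothetical subset of the NTSTATUS codes seen in the Sub Status field.
"""

SUB_STATUS = {
    0xC0000064: "user name does not exist",
    0xC000006A: "correct user name, bad password",
    0xC000006F: "logon outside permitted hours",
    0xC0000071: "password expired",
    0xC0000072: "account disabled",
    0xC0000193: "account expired",
    0xC0000234: "account locked out",
}

# Layout Event Viewer produces when an event is copied as text (trimmed).
EVENT_TEMPLATE = """\
Event ID: 4625
Computer: {target}
Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: {user}
Account Domain: {domain}

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0x{sub:08X}

Network Information:
Source Network Address: 192.168.90.236

Detailed Authentication Information:
Authentication Package: NTLM
"""

def make_event(user, domain, sub, target="johnny5"):
    """Render a constructed 4625 event for the given account and sub status."""
    return EVENT_TEMPLATE.format(user=user, domain=domain, sub=sub, target=target)

# The event posted in the thread: NEL\Robert rejected by johnny5.
SAMPLE_EVENT = make_event("Robert", "NEL", 0xC0000064)

def parse_event(text):
    """Group 'Key: value' lines under their section header ('Subject:' etc.),
    so the repeated Account Name / Account Domain keys stay distinguishable.
    Lines without a colon (free text) are skipped."""
    fields, section = {"": {}}, ""
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if not value:                      # header line opens a new section
            section = key
            fields.setdefault(section, {})
            continue
        fields.setdefault(section, {})[key] = value
    return fields

def triage(text):
    """Summarise one 4625 event; return None for any other event ID."""
    ev = parse_event(text)
    header = ev.get("", {})
    if header.get("Event ID") != "4625":
        return None
    target = header.get("Computer", "")
    failed = ev.get("Account For Which Logon Failed", {})
    info = ev.get("Failure Information", {})
    sub = int(info.get("Sub Status", "0x0"), 16)
    domain = failed.get("Account Domain", "")
    # A local account on a standalone host is looked up in that host's own SAM,
    # so the domain a client should send is the host name itself (or '.').
    return {
        "target": target,
        "user": failed.get("Account Name", ""),
        "domain": domain,
        "domain_matches_target": domain.upper() in {target.upper(), "."},
        "source": ev.get("Network Information", {}).get("Source Network Address"),
        "package": ev.get("Detailed Authentication Information", {}).get("Authentication Package"),
        "sub_status": f"0x{sub:08X}",
        "reason": SUB_STATUS.get(sub, "unlisted sub status"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
    print(triage(make_event("Administrator", "JOHNNY5", 0xC000006A)))
```

Run against the posted event, `triage` reports sub status 0xC0000064 ("user name does not exist") for `Robert` with `domain_matches_target` false, because the client sent `NEL` while the target's own name is `johnny5`. Both observations come straight from the event; whether the fix is the account or the domain string is for the next reply to decide.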

  • Hi,

    The local account in SPS named "Robert" is not the one to be used to log in to the target server; it is only used to log in to the SPS web UI as the gateway user.

    On the other hand, you need a local user that exists on the target server, which will be used to log in as the remote user on that server.

    Therefore, in the RDP client, you would specify localuserintarget%targetserverIp.