User Logon Name for Authentication

  Asked By: Jennifer    Date: Nov 12    Category: Sharepoint    Views: 1594

We have some external users whose accounts in AD are created with two user
names. In "Active Directory Users and Computers", they are called "User
Logon Name" and "User Logon Name (pre-Windows 2000)"; in an LDAP browser,
they are called "userPrincipalName" and "SAMAccountName".

The reason for the difference (as I understand it) is that we use email
addresses as account names for external users, and the "@" in an email is
invalid for the SAMAccountName. So at account creation, we generate a hash
for the domain part of the email. For example, the "userPrincipalName"
might be "joesmith@...", and the "SAMAccountName" might be

Right now, our SharePoint servers require such users to enter the
SAMAccountName to authenticate, rather than the userPrincipalName. (We are
using Basic Authentication with SSL, because many users are on computers
that are not bound to the domain.) Obviously, we would prefer that they be
able to use the friendlier "User Logon Name" (userPrincipalName).

What do we have to do to get there?



3 Answers Found

Answer #1    Answered By: Emerson Franks     Answered On: Nov 12

You shouldn't need to use Basic Auth just because some client machines
aren't on the domain.

Answer #2    Answered By: Ned Storm     Answered On: Nov 12

The situation is a little more complex than I let on. We CAN use NTLM for
authentication, even for Firefox and Safari users, even for machines not on
the domain. However, IE users on machines not on the domain _must_ precede
their login ID with the domain name and a backslash. IE will not use the
default domain suggested by the server, and instead uses the server's name
as the domain (Firefox and Safari get this right). Of course, the users have
Active Directory accounts, not local accounts on the server. So we have a
customer training and support problem if we use NTLM, which the central IT
services group decided to duck.

Basic is not as bad as it might seem since all the traffic is SSL.
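
Added example, not part of any post in this thread: a Python sketch of what a server receives under Basic authentication and how the typed name falls into the forms discussed above (userPrincipalName, DOMAIN\user, or bare SAMAccountName), plus a check showing why an email address cannot be stored as the SAMAccountName. The function names and the sample account names are constructed for illustration.

```python
import base64

# Characters ADUC rejects in "User Logon Name (pre-Windows 2000)".
SAM_INVALID = set('"/\\[]:;|=,+*?<>@')
SAM_MAX_LEN = 20  # length limit for user objects


def parse_basic(header):
    """Return (username, password) from an 'Authorization: Basic ...' value."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # Split at the first colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def sam_problems(name):
    """List the reasons a string cannot be stored as sAMAccountName."""
    problems = []
    bad = sorted(c for c in set(name) if c in SAM_INVALID)
    if bad:
        problems.append("invalid characters: " + " ".join(bad))
    if len(name) > SAM_MAX_LEN:
        problems.append("longer than %d characters" % SAM_MAX_LEN)
    return problems


def classify_logon(user):
    """Classify a typed logon name as (form, domain_or_suffix, account)."""
    if "\\" in user:
        domain, _, account = user.partition("\\")
        return ("down-level", domain, account)
    if "@" in user:
        account, _, suffix = user.rpartition("@")
        return ("upn", suffix, account)
    return ("bare", None, user)


if __name__ == "__main__":
    # Constructed sample credential; not taken from the thread.
    sample = "Basic " + base64.b64encode(b"pat.lee@partner.example:s3cret").decode()
    name, _ = parse_basic(sample)
    print(classify_logon(name), sam_problems(name))
```

Because Basic sends the credential merely base64-encoded, the same parsing works for anyone who can read the request, which is why the thread's SSL requirement matters.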

Answer #3    Answered By: Myron Calhoun     Answered On: Nov 12

I know you will get quite a few people going when talking about using
the External Collaboration Toolkit for SharePoint because the old story
was that it didn't support CLIENT INTEGRATION with FORMS BASED
AUTHENTICATION. That is no longer an issue and ECTS uses ADAM (Active
Directory Application Mode) to create user accounts based on email

If you would like to hear more about using ECTS, please let me know.
The author David Mowers and I have worked on this solution time and time
again. It works.
