Here’s a quick note for anyone looking to understand how they can allow either the standard samAccountName (username) or the userPrincipalName (usually the email address) to be used by users when logging into the GlobalProtect VPN client when authenticating against Windows Active Directory via LDAP.

I will assume that you already have basic username authentication working. So this post will outline how you can add the ability for users to use the userPrincipalName as opposed to their samAccountName (username).

Step 1. Assuming you already have an Authentication Profile setup to authenticate usernames (samAccoutName) you’ll need to clone that profile and then update the Login Attribute to “userPrincipalName”.

Step 2. Create an Authentication Sequence that includes both your Authentication Profiles, the original profile along with the profile you created in the step above. In the example below I’m using “auth_ldap”.

Step 3. Update your GlobalProtect Portal Configuration Client Authentication to reference this new Authentication Sequence. Network -> GlobalProtect -> Portals, edit your configuration and update the authentication profile to “auth_ldap”.

Step 4. Update your GlobalProtect Gateway Configuration Client Authentication to reference this new Authentication Sequence. Network -> GlobalProtect -> Gateways, edit your configuration and update authentication profile to “auth_ldap”.

Step 5. Commit your changes.

With that all done you can now test, using either your samAccountName (username) or your userPrincipalName (usually the email address of the user).

Cheers!

These are very small business offices, doctor’s offices and senior executives homes where we don’t need the features that an Ethernet Routing Switch 4500 or 5500 series switch would provide. There are really fours variables to keep in mind; price, size, noise and features. One of the features we were looking for was Power over Ethernet (PoE) ports for an IP phone and/or a wireless access port.

We evaluated the BES50FE-24T PWR and the BES50GE-24T PWR and they both performed nicely in bandwidth tests. We did observe some odd behavior with some different end devices that all seemed to be resolved when we upgraded the switches to that latest software release (v1.0.5.0 for the BES50GE-24TPWR and v1.0.3.0 for the BES50FE-24TPWR).

Quick Install Guide

Default Username: nnadmin
Default Password: PlsChgMe!

Default Read Only SNMP String: PlsChgMe!RO
Default Read-Write SNMP String: PlsChgMe!RW

I’ve generally found that the BES50 will default to an IP address of 192.168.1.128 although Nortel advises the use of the Nortel Business Element Manager to search for the device (please refer to the Quick Install Guide above).

Cheers!

Update: January 12, 2009

How do you factory reset the BES50?

When pressed for 5 seconds, the reset button reinitializes the switch. This returns the switch to the factory default settings if, for example, you forget the default IP address, your user name, or your password.

The reset button is found on the front of the BES50 as depicted in the graphic above. The actual button is approximately 1 inch inside the faceplate and Nortel advises that you use a non-metallic object to depress the button.

Cheers!