RRAS SSTP with UserPrincipalName

We have DUO Authentication working for RRAS (SSTP) on Server 2019 by use of the pre-Windows 2000 logins. We would like to have it work with the userprincipalname. For that we have a directory sync in the portal that uses this and that part seems ok.

In the authproxy.cfg we have a line under [ad_client] that also states to pick the userprincipalname.

Yet, when using a Windows 10 desktop to connect to the VPN, only logging in with samaccountname works (which is set up under directory sync as alias 1).

Some advice would be welcome.

Found it!

Add the following to the authproxy.cfg under [ad_client]

username_attribute=userPrincipalName

Go to the duo portal > applications and edit your application to set Username normalization to NONE.

Last bit is to add a username alias under directory sync and bind it to userprincipalname.

Wrote it down in Dutch on DUO MFA voor SSTP VPN met UPN – Steijvers.com
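A quick way to confirm the authproxy.cfg half of the fix above, as an added example that is not part of the original post: it reports the effective `username_attribute` of each `[ad_client]` section and which sections reference it through `client=`. The sample file, host names, the second `[ad_client2]` section and the function name `check_upn_config` are constructed for illustration; the two portal settings (Username normalization and the directory sync alias) cannot be checked from this file.

```python
import configparser

# Constructed sample authproxy.cfg (hosts, keys and secrets are placeholders).
SAMPLE_CFG = """\
[ad_client]
host=dc01.example.internal
service_account_username=svc-duo
service_account_password=PLACEHOLDER
search_dn=DC=example,DC=internal
username_attribute=userPrincipalName

[ad_client2]
host=dc02.example.internal
search_dn=DC=example,DC=internal

[radius_server_auto]
ikey=PLACEHOLDER
skey=PLACEHOLDER
api_host=PLACEHOLDER
radius_ip_1=192.0.2.10
radius_secret_1=PLACEHOLDER
client=ad_client
"""

# Duo's documented default for Active Directory when username_attribute is absent.
AD_DEFAULT_ATTRIBUTE = "sAMAccountName"


def check_upn_config(cfg_text, wanted="userPrincipalName"):
    """Return {ad_client section: (effective attribute, ok, [sections using it])}."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(cfg_text)
    report = {}
    for name in cfg.sections():
        if not name.lower().startswith("ad_client"):
            continue
        attr = cfg.get(name, "username_attribute", fallback=AD_DEFAULT_ATTRIBUTE).strip()
        users = [s for s in cfg.sections()
                 if cfg.get(s, "client", fallback="").strip() == name]
        # LDAP attribute names are case-insensitive, so compare case-folded.
        report[name] = (attr, attr.lower() == wanted.lower(), users)
    return report


if __name__ == "__main__":
    for section, (attr, ok, users) in check_upn_config(SAMPLE_CFG).items():
        status = "OK" if ok else "will not match UPN logins"
        print(f"[{section}] username_attribute={attr} ({status}); used by {users}")
```
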