We are using Microsoft IAS on windows 2003 for JANET roaming.
I am now trying NPS on windows 2008R2 server.
I have a problem when trying the user-name manipulation rules, which might be similar to Stevens problem below.
I am trying to strip the domain off a username before passing it to the active directory.
This worked with IAS.
For example, in my testing, NPS receives a user-name of [log in to unmask] from a 802.1x client using EAP-PEAP-mschapv2.
The ream stripping rule I am using is -- match (.*)@ncl.ac.uk and replace with $1 (ie the user-name).
In IAS this worked.
With NPS, after turning on logging, it looks like the outer username is stripped, but the inner user-name is not.
This results in an NPS error 16 - username or password does not match an active directory entry.
...and yes - i really have got the correct password :-)
If I simply supply user (without the domain portion) it just works - but i need to use domain stripping rules in our RADIUS implementation.
Is anyone using NPS with domain stripping rules?
Can you give any hints as to how I can work around this?
Is migrate to FreeRadius the answer???
Many thanks for any replies.
Ian Alder
ISS
Newcastle University
>-----Original Message-----
>From: JANET Roaming Service [mailto:[log in to unmask]] On
>Behalf Of Steven Carr
>Sent: 01 December 2010 15:59
>To: [log in to unmask]
>Subject: Re: IAS and NPS roaming advisory
>
>On 01/12/2010 15:53, Phil Mayers wrote:
>> At the present time, we do not believe NPS can be made to transmit the
>> Operator-Name attribute.
>
>Just tacking on the back of this post, apologies. Does anyone have any
>comprehensive instructions for configuring NPS on 2008 R2. I did have a
>go with the ones found on the American Eduroam site, but it just didn't
>seem to work. We also have an extra requirement in that we want to block
>our own sunderland.ac.uk users from connecting to eduroam whilst on
>campus wirelss, so they have to use our NAC solution and not just bypass
>it by using eduroam.
>
>Thanks
>
>Steve
>
>--
>Steven Carr
>Systems Development Officer
|