Hello,
I have some issues with the NPS server. I use NPS as a RADIUS server to manage 802.1x authentication on a WiFi network. Active Directory has the DNS name domain.cz, which is not the same as our public DNS. Now we would like to join our WiFi network to Eduroam. Under the terms of Eduroam we have to use the same realm as our public DNS, not the internal one. The goal is therefore to authenticate requests with the realm @publicdomain.cz in our Active Directory. So I've created a Connection request policy and, using attribute manipulation rules, changed the realm in the user attribute from @publicdomain.cz to @domain.cz, but it doesn't work. In the logs I can see that the replacement was successful and the user is found in Active Directory, but the access was denied with reason:
If a request contains a user in the form of user@domain.cz (the realm is the same as our internal AD DNS), it is verified with no problem.
According to this article (https://msdn.microsoft.com/en-us/library/cc753603.aspx), the user attribute must not be changed if the EAP type is MSCHAPv2 and if the policy is used to forward the RADIUS message, but I don't think this is the case.
How should I solve the problem above? I've tried to configure NPS on Windows Server 2008 R2 and 2012 R2 with no luck.
JK