We use NPS (on 2008R2) to authenticate 802.1X access to our wired and wireless networks using both certs and PEAP.
We are in the process of a merger and I'd like to forward RADIUS requests for users in the remote domain to their RADIUS server.
The local RADIUS servers are configured as clients on the remote one, and I've configured a Connection Request Policy to forward requests based on user name.
If I set a username condition of ^RemoteDomain\\.*, logging on by PEAP works with the format DOMAIN\UserName.
But I can't for the life of me work out how to get it to work for PEAP (the forwarding, that is) with the user UPN, or with certs, which also use the UPN as the username (indicated in the NPS logs).
The UPN can be either User.Name@RealDomain.com or UserName@RemoteDomain.corp (depending on the user or device).
I have tried numerous variations on regular expressions, which when run through regex testers match things appropriately.
The docs at https://technet.microsoft.com/en-us/library/dd197583(v=ws.10).aspx suggest that ^RemoteDom\\|@RemoteDom.corp$|@realDom.com$ should work, but I don't see a RADIUS request traverse the firewall for anything other than DOMAIN\UserName auths, and for anything else it continues through to the default 'use Windows auth' CRP.
Any ideas?
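An added example, not from the original post, for checking the candidate User Name conditions against the three name formats the post reports seeing in the NPS logs. It assumes that NPS evaluates the User Name condition with the .NET-style regex syntax the linked TechNet page documents, so a pattern that fails here should also fail in the CRP; the sample names and the third, spelled-out pattern are my own constructions. Note that as literally written in the post, the abbreviated domain names (RemoteDom, realDom) do not match the full names (RemoteDomain, RealDomain) in the sample UPNs, so only the spelled-out pattern matches all three forms.

```powershell
# Added example (not from the original post): test candidate NPS User-Name
# regex conditions against the user name formats the post reports seeing in
# the NPS logs. Assumption: NPS evaluates the User Name condition with the
# same regex syntax as .NET (the TechNet page linked in the post documents it).

# Constructed sample values in the three formats described in the post.
$samples = @(
    'RemoteDomain\User.Name',        # DOMAIN\UserName, the format that forwards today
    'User.Name@RealDomain.com',      # UPN form 1
    'UserName@RemoteDomain.corp'     # UPN form 2 (also what cert auth presents)
)

# Candidate patterns. The first two are taken verbatim from the post; the
# third is my own variant using the full domain names from the post, with the
# backslash doubled and the dots escaped, as the NPS docs describe.
$patterns = [ordered]@{
    'post: ^RemoteDomain\\.*'                           = '^RemoteDomain\\.*'
    'post: ^RemoteDom\\|@RemoteDom.corp$|@realDom.com$' = '^RemoteDom\\|@RemoteDom.corp$|@realDom.com$'
    'spelled out (assumed)'                             = '^RemoteDomain\\|@RemoteDomain\.corp$|@RealDomain\.com$'
}

foreach ($label in $patterns.Keys) {
    $pattern = $patterns[$label]
    Write-Host "`nPattern [$label]: $pattern"
    foreach ($name in $samples) {
        # Test case-sensitive and case-insensitive separately: the post mixes
        # 'realDom' and 'RealDomain', and NPS's case handling is not stated here,
        # so both results are shown rather than assuming one.
        $cs = [regex]::IsMatch($name, $pattern)
        $ci = [regex]::IsMatch($name, $pattern, [System.Text.RegularExpressions.RegexOptions]::IgnoreCase)
        '{0,-30} case-sensitive={1,-5} ignore-case={2}' -f $name, $cs, $ci
    }
}
```

Run it on the NPS host and compare the rows that match with the requests you actually see leaving through the firewall: if the spelled-out pattern matches all three names here but the CRP still falls through to the default policy, the regex text itself is not what is stopping the forward.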