If you don't want to authenticate any users in the NPSDOMAIN then you could
do a "rewrite" in your connection request policy. Replace username
with OTHERDOMAIN\username. NPS can use basic regex to find and replace.
This can be found in Connection Request Policies, YOUR POLICY, Settings
then Attribute.
We did what you are wanting to do with a rewrite rule but then decided
down the road it was easier to just make the radius server a member of the
domain we are trying to authenticate against.
-------------------------------
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania
724-357-3327
On Thu, 20 Oct 2011, John York wrote:
I'm trying to change the default domain that NPS uses to authenticate users.
We need to authenticate wireless users through NPS that have accounts in domain
different than the NPS is in, but the server has a valid trust with the other
domain. We could install an NPS in the other domain, and use a RADIUS proxy to
the remote server. However, it would be simpler if we could just get NPS to
change its default domain and authenticate through the trust instead. There's
lots of info on the web that this used to work in IAS.
I'm trying to use the registry key cited by the following links, but it isn't
working for me. I wonder if something has changed in 2008 or R2
http://blogs.technet.com/b/nap/archive/2006/09/19/457603.aspx
http://technet.microsoft.com/en-us/library/bb742394.aspx
http://technet.microsoft.com/en-us/library/cc958034.aspx
The key is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan
\PPP\ControlProtocols\BuiltIn\DefaultDomain REG_SZ
When I watch the NPS server log, the User Name comes across as testuser (no
domain), but then NPS generates the fqdn user name NPSDOMAIN\testuser, instead
of DOMAININREGKEY\testuser. I've both restarted the NPS service and rebooted
the server.
Thanks
John
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
