Curtis, We are not using eduroam but we are a cisco ISE user. When you connect to AD via LDAP in ISE I believe that you can accomplish what you are looking to do. If you create a new LDAP identity source look under the directory structure tab. You can strip the subject name based on a dividing character. You can leave your current AD identity source in place and add the LDAP one as well, they will run side by side.
On Tue, Aug 13, 2013 at 7:05 PM, Curtis K. Larsen (UIT-Network) < [email protected]> wrote: > Hello, > > I am just wondering if anyone on the list that participates in eduroam > uses ISE for RADIUS. We are playing with ISE, and finding difficulty > getting it to strip off the realm suffix before authenticating against AD. > I can't imagine there isn't a way to do this since I assume that would > prevent any eduroam customers from using ISE as their primary RADIUS > server. Hopefully we are just missing something simple. Let me know. > > Thanks, > > Curtis Larsen > University of Utah > Network Engineer > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > -- Joe Roth Networking Group Binghamton University Ph. 607-777-7528 Fax 607-777-4009 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
