Dennis,
I can think of two solutions:
1) Put a RADIUS server that is capable of stripping REALMs in front of your ACS
5.x server (e.g. FreeRADIUS)
(this will also help you with other features in the future that FreeRADIUS
tends to integrate and ACS doesn’t)
2) add to AD a second UPN (@uogelph.ca <http://uogulph.ca/>)
Philippe Hanset
www.eduroam.us
www.anyroam.net
> On Sep 3, 2015, at 4:23 PM, Dennis Xu <[email protected]> wrote:
>
> We have one issue with eduroam and AD authentication. We authenticate eduroam
> users to Active Directory using PEAP-mschap-v2. The issue relies at our AD
> domain name which is a sub domain called cfs.uoguelph.ca. If users try to
> login with username [email protected], the authentication will fail as the
> domain name does not match. We had to strip the "@uoguelph.ca" suffix on our
> ACS 4.2 to make it work but the same suffix stripping functionality does not
> exist in ACS 5.x so we have to find other alternatives. I would to know if it
> is a common issue in universities that the AD domain does not match the main
> domain? If you have the same issue, what are your solutions? Thanks.
>
> ---
> Dennis Xu, MASc, CCIE #13056
> Analyst 3, Network Infrastructure
> Computing and Communications Services(CCS)
> University of Guelph
>
> 519-824-4120 Ext 56217
> [email protected]
> www.uoguelph.ca/ccs
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
