<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:14pt"><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I am running freeradius 2.2.0, I have configured freeradius
to authenticate against active directory and also offer eduroam service
<div class="MsoNormal"><span style="mso-spacerun:yes"> </span>When I authenticate
my username as “test” and password in to my wireless devices it works.</div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;" class="MsoNormal"><br></div>
<div class="MsoNormal">However if I try to authenticate my username as <a href="mailto:test@abc.ac.uk">test@abc.ac.uk</a> it does not work because
freeradius pass on <a href="mailto:test@abc.ac.uk">test@abc.ac.uk</a> to active
directory without stripping out @abc.ac.uk as shown below:</div><div class="MsoNormal"><br></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel</span><span style="font-size:12.0pt;
font-family:"Times New Roman","serif";mso-fareast-font-family:"Times New Roman";
mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschapv2] +- entering group MS-CHAP {...}</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap] Creating challenge hash with username:
test@abc.ac.uk</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";
mso-fareast-font-family:"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap] Client is using MS-CHAPv2 for test@abc.ac.uk,
we need NT-Password</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";
mso-fareast-font-family:"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap]
expand: --username=%{mschap:User-Name:-None} -> --username=test@abc.ac.uk</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap] No NT-Domain was found in the User-Name.</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap]
expand: %{mschap:NT-Domain} -> </span><span style="font-size:12.0pt;
font-family:"Times New Roman","serif";mso-fareast-font-family:"Times New Roman";
mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap]
... expanding second conditional</span><span style="font-size:12.0pt;
font-family:"Times New Roman","serif";mso-fareast-font-family:"Times New Roman";
mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap]
expand: --domain=%{%{mschap:NT-Domain}:-UNIVERSITY} -> --domain=UNIVERSITY</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap] Creating challenge hash with username:
test@abc.ac.uk</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";
mso-fareast-font-family:"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap]
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=6d98addf3855kk34f22</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">[mschap]
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=278994tg713ccd713g8876666k1196faaf038ef</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal"><span style="mso-ascii-font-family:Calibri;mso-fareast-font-family:
"Times New Roman";mso-hansi-font-family:Calibri;mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-GB">Exec-Program output: Logon failure (0xc00004f) </span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
"Times New Roman";mso-fareast-language:EN-GB"></span></div>
<div class="MsoNormal"> </div>
<div class="MsoNormal">How can I fix the problem of authentication users that type
in there local realm @abc.ac.uk with their username as well as proxing eduroam
users?</div>
<div class="MsoNormal">Basically, how do I authenticate local user or stripe local
realm before pass to active directory for authentication?</div>
</div><br><div style="font-family: times new roman, new york, times, serif; font-size: 14pt;"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><br> </div> </div> </div></body></html>