I am running freeradius 2.2.0, I have configured freeradius to authenticate against active directory and also offer eduroam service When I authenticate my username as “test” and password in to my wireless devices it works. However if I try to authenticate my username as test@abc.ac.uk it does not work because freeradius pass on test@abc.ac.uk to active directory without stripping out @abc.ac.uk as shown below: [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: test@abc.ac.uk [mschap] Client is using MS-CHAPv2 for test@abc.ac.uk, we need NT-Password [mschap] expand: --username=%{mschap:User-Name:-None} -> --username=test@abc.ac.uk [mschap] No NT-Domain was found in the User-Name. [mschap] expand: %{mschap:NT-Domain} -> [mschap] ... expanding second conditional [mschap] expand: --domain=%{%{mschap:NT-Domain}:-UNIVERSITY} -> --domain=UNIVERSITY [mschap] Creating challenge hash with username: test@abc.ac.uk [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=6d98addf3855kk34f22 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=278994tg713ccd713g8876666k1196faaf038ef Exec-Program output: Logon failure (0xc00004f) How can I fix the problem of authentication users that type in there local realm @abc.ac.uk with their username as well as proxing eduroam users? Basically, how do I authenticate local user or stripe local realm before pass to active directory for authentication?