We have a working radius server and are trying to authenticate using EAP-TTLS with a stripped username.   The username sent is 8888@WiMAX.com, the realm is defined without the nostrip option.  However once it’s inside the inner-tunnel, the username and domain are authenticated against the sql server instead of the stripped username.  We are using a local proxy for the realm. 

 

David