In the most recent debug I see you posted (16:36 yesterday) it's failing because:
[eap] Request is supposed to be proxied to Realm $2. Not doing EAP. ++[eap] returns noop ... You tried to use a regexp to parse the username (usually a mistake IMHO) and put the "domain" bit into the "Proxy-To-Realm" attribute but Proxy-To-Realm instructs the server to do just that - which cancels local authentiction.
Agreed. I commented all that back out this morning while pursuing the mschap possibility.
Reading back through the thread, it seems like there is some confusion between "domain" in the Windows NT/Active Directory sense, and "domain" as a "Realm", which is a concept used in Radius proxying.
I'm going to take a guess and assume you don't really need to do proxying, and were just trying to use the "realm" module to strip off the "host/...domain.com" bits, and have gotten a bit tangled.
Yup.
Make sure you're using "%{mschap:User-Name}" everywhere that NT domain usernames might exist - in the "ldap" module filter, for starters.
That's the thing. There isn't anywhere else to set it, that I can see.
At this point, you may find it easier to revert to the default configs and start from scratch, one change at a time and keeping the configs in version control.
That's another thing. I specifically created this setup by doing: cd /etc/raddb/sites-available cp default campus-eap And then making only the necessary changes to make it work. Anything I've changed was done by commenting out the original, copying that line(s), and making changes. I have changed very, very little from the default. --J