On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2 authentication against Active Directory (2003). Our realm is abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has to use bob@acme.edu instead bob@abc.acme.edu as username.
Presumably you are in the US? ... It's a shame that US eduroam seems to forbid subdomains for it's own institutions (lots of organisations doing eduroam in Europe use subdomain realms).
My question is can you modify the realm behind the user's back? (during EAP process).
I think this may mess things up... but you shouldn't need to *modify* the realm? [More info about your specifics please]? The realm on the outer ID will get the auth to your FR (anything@uni.edu). The realm [if present] on the inner ID is generally stripped before it goes to ntlm_auth against your AD). Regards, James -- James J J Hooper Senior Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk --