Username not stripped in NPS

Cristian Di Livio cristian.dilivio at
Mon Feb 26 13:38:52 UTC 2024

Hi all,

I would like to configure wi-fi authentication with 802.1x with multiple
realms and only one NPS (therefore only one active directory domain). For
- AD domain ->
- realms that can be used -> domain; otherRealm

With PEAP traffic, NPS doesn't allow you to manipulate the realm so I can't
use find and replace in NPS configuration.
So I tried to send the stripped username from freeradius but the realm
still arrives in the NPS with realm and it giving me the error that the
domain does not exist.
Why the realm os sent even though I said to strip the username in the
proxy.conf file?
Is there alternatively the possibility to do a find and replace in
For the moment I'm using UPNs on the Windows server but it's a workaround
that I wanted to avoid and which takes away the elegance of the
authentication process.

Thank you in advance.


Cristian Di Livio
Servizi Informatici Ispettoria Salesiana San Marco
Via dei Salesiani, 15 - 30174 Mestre (VE)
tel.: 041.5498573

More information about the Freeradius-Users mailing list