CommScope RUCKUS Community Forums

kristoffer_olaf · ‎02-07-2019

Hi,

I have been debugging a certificate issue on Windows7 against NPS Radius back end (using controller as proxy)

I have noticed that when the user uses username@domain.domain the EAP negotiation is dropped with Explicit EAP error and no connection is detected on the Radius server

If i remove the @domain part the connection goes trough successfully.

Is there something i am missing or is this a bug?

kristoffer_olaf · ‎02-07-2019

I did notice a couple of thing tough trough the radius log.

Not found @' in User-Name. Could not extract Realm
Failed to extract realm from User-Name: (DOMAIN\user.name)
Not a Permanent-Id Authentication Method
Realm can not be found in PRoxy Mapping table entry

so i turned on debug and the following is logged
Autz profile is not enabled
Realm(domain.dom), profile(263638f2-2024-11e9-936e-000000095780)
Realm is default (DEFAULT263638f2-2024-11e9-936e-000000095780)
Rejecting the AUTH request for username (user.ane@domain.dom) as Auth Service is NA

so i dont know how i am supose to fix that. seems like it's checking for a authservice in the domain i guess and ignoring the radius options for the wlan

kristoffer_olaf · ‎02-07-2019

Never mind, figured it out. had to go into services and profiles -> authentication
Realm based proxy tab and add the domain name to the Realm based authentication service.

Thanks for pointing me to the logs.

tony_heung · ‎02-07-2019

Glad it's sorted. You are most welcome.

CommScope RUCKUS Community Forums

VS-z Radius proxy EAP not forwarding request to radius server if username contains @domain.domain