Showing results for 
Search instead for 
Did you mean: 

VS-z Radius proxy EAP not forwarding request to radius server if username contains @domain.domain

New Contributor II

I have been debugging a certificate issue on Windows7 against NPS Radius back end (using controller as proxy) 

I have noticed that when the user uses username@domain.domain the EAP negotiation is dropped with Explicit EAP error and no connection is detected on the Radius server

If i remove the @domain part the connection goes trough successfully.

Is there something i am missing or is this a bug?

New Contributor II
I did notice a couple of thing tough trough the radius log.

Not found @' in User-Name. Could not extract Realm
Failed to extract realm from User-Name: (DOMAIN\
Not a Permanent-Id Authentication Method
Realm can not be found in PRoxy Mapping table entry

so i turned on debug and the following is logged
Autz profile is not enabled
Realm(domain.dom), profile(263638f2-2024-11e9-936e-000000095780)
Realm is default (DEFAULT263638f2-2024-11e9-936e-000000095780)
Rejecting the AUTH request for username (user.ane@domain.dom) as Auth Service is NA 

so i dont know how i am supose to fix that. seems like it's checking for a authservice in the domain i guess and ignoring the radius options for the wlan

New Contributor II
Never mind, figured it out. had to go into services and profiles -> authentication
Realm based proxy tab and add the domain name to the Realm based authentication service. 

Thanks for pointing me to the logs.

Contributor II
Glad it's sorted.  You are most welcome.