PEAP authentication failure - different domain name

Unanswered Question
Feb 3rd, 2010
User Badges:

Hi There,

I am experiencing a problem in setting up PEAP authentication between XP WLAN client(Dell) and

ACS(v4.1). Hope to get some helpful ideas here.

Due to a design limitation, the domain name we want our user to use for their user id and the domain name of our AD is slightly different. For example, the user has to use [email protected] as the WLAN id and the AD domain name is

When I use the name [email protected], the authentication was successful.. But if I use [email protected], it failed.

I read in the ACS manual that it should not care about the domain name. It will strip the domain name and only use the user id "joe_user" in this case to authenticate. If this is true, why there's the difference?

<UPN Username description in manual, page 12-9 in 4.1 user guide>

UPN Usernames

ACS supports authentication of usernames in UPN format, such as [email protected] or cyril.yang@[email protected].

If the authentication protocol is EAP-TLS, by default, ACS submits the username to Windows in UPN format. For all other authentication protocols that it can support with Windows databases, ACS submits the username to Windows that is stripped of all characters after and including the last at symbol (@). This behavior allows for usernames that contain an at symbol (@). For example:

•If the username received is [email protected], ACS submits to Windows an authentication request containing the username cyril.yang.

•If the username received is cyril.yang@[email protected], ACS submits to Windows an authentication request containing the username [email protected]-office.

</UPN Username>

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion



Trending Topics - Security & Network