PEAP authentication failure - different domain name
I am experiencing a problem in setting up PEAP authentication between an XP WLAN client (Dell) and ACS (v4.1). Hope to get some helpful ideas here.
Due to a design limitation, the domain name we want our users to use for their user ID and the domain name of our AD are slightly different. For example, the user has to use email@example.com as the WLAN ID and the AD domain name is xxx.yyy.com.
I read in the ACS manual that it should not care about the domain name. It will strip the domain name and only use the user ID "joe_user" in this case to authenticate. If this is true, why is there a difference?
<UPN Username description in manual, page 12-9 in 4.1 user guide>
If the authentication protocol is EAP-TLS, by default, ACS submits the username to Windows in UPN format. For all other authentication protocols that it can support with Windows databases, ACS submits the username to Windows that is stripped of all characters after and including the last at symbol (@). This behavior allows for usernames that contain an at symbol (@). For example:
• If the username received is firstname.lastname@example.org, ACS submits to Windows an authentication request containing the username cyril.yang.
• If the username received is cyril.yang@email@example.com, ACS submits to Windows an authentication request containing the username cyril.yang@central-office.