Cisco Support Community
Community Member

PEAP username format

I just setup PEAP (MS-CHAP) for wireless authentication from Windows XP client to WLSE express RADIUS server using Windows Domain Authentication. We installed Remote-Agent-ACSse on a domain controller. Everything works fine if we enter username and password without domain name on the XP client. If we enter domain name or use single sign on, XP sends the username in the format <domainname>/<username> (to see in RADIUS debug log on AP) and the authentication fails on the Remote-Agent-ACSse service. If we enable 'authenticate as computer ...' XP sends username in the format host/<hostname>.<domainname> and authentication also fails.

Any idea how to solve this problem?

Community Member

Re: PEAP username format

I think you are running into the same problem i am running into. My Authentications is rejected once it has \ i can't seem to find a solution also. I changed my configuration to use LDAP instead of Windows Domain Authentication and the same thing happens. If i use Aironet Desktop Utility it works fine because the username is simply sent as without the domain.I have a TAC case with cisco and still waiting feedback.

Community Member

Re: PEAP username format

I checked this with microsoft support. They told that the format of the username in the PEAP request is correct and can't be changed on the XP client.

My solution is to use MS IAS service (a component of Windows 2003 server).

It works fine for host and user authentication.

CreatePlease to create content