Multidomain authentication by 2 NPS servers with pfSense CP.



  • Hello,

    I don't know if this is strictly connected with CaptivePortal, but I think that only this community can help me now, as you never disappointed me :).

    We have 2 domains: A and B. Users from both domains should be able to log in to CP.
    So CP is configured to authenticate to NPS in A domain.

    In A domain I have 'Connection request policy' -> 'B(.*)' -> redirect to NPS in B domain.
    And requests are redirected, but when username is somehow changed in 'Connection request policy' NPS in B can't find user e.g. 'B\testB'.

    When I redirect all requests to B NPS without changing anything in user-name attribute user is authenticated.

    I suspect that it could be:
    A. my config bug
    B. NPS bug
    C. something wrong with MSCHAP2 after changing user-name attribute.

    Here is my topic at MS Technet: https://social.technet.microsoft.com/Forums/windowsserver/en-US/853138a2-be3f-4841-b946-53d26cc22f2d/nps-reject-user-if-domainusername-provided
    but it is not helpful so far…

    Thanks in advance for any help.

