On 13/10/2011 21:35, James J J Hooper wrote:
On 13/10/2011 21:16, Kevin Chan wrote:Hi all,hopefully i got to the right group of people. We are trying to use Freeradius to do PEAP/MSCHAPv2 authentication against Active Directory (2003). Our realm is abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has to use [email protected] instead [email protected] as username.Presumably you are in the US? ... It's a shame that US eduroam seems to forbid subdomains for it's own institutions (lots of organisations doing eduroam in Europe use subdomain realms).
I re-read http://www.eduroamus.org/node/29 ...It says that *you* shouldn't forward subdomains of your own realm to the national proxies, which would be filtered. This indeed makes sense for loop protection.
...and it implies "only usernames of the form [email protected]" should be accepted, but it doesn't actually state that you can't use subdomains.
I suppose it depends on how the "routing" on the US level eduroam proxies is set-up:
if (Realm =~ /^(.+\.)?\.uni\.edu$/) { }
or
if (Realm =~ /^uni\.edu$/) { }
-James
--
James J J Hooper
Senior Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

