So I have an interesting problem here. I have a captive portal page that authenticates against RADIUS servers. The RADIUS servers are Microsoft NPS.
On this captive portal, users can use a username and get a PPSK code. They cannot use username@domain; the authentication fails.
However, on other networks with WPA Enterprise (802.1X, username and password), they can authenticate with either an email address or their username.
I narrowed the problem down to the difference between EAP authentication (on the 802.1X enterprise) vs. MS-CHAP v2, which the captive portal uses. For some reason, MS-CHAP v2 does not authenticate when the domain portion is used.
I tried to use realm stripping to get around this, but for some reason it isn't working either.
My question is: 1.) Does anyone do this, and did you get emails to work with the NPS server? How did you do it? And 2.) Is MS-CHAP v2 really the highest authentication method that can be used for a captive portal? Can you not enable EAP authentication as well?
Is there any other way I can configure this so that people can log in with their SPN or full email address?