NPS Regex Realm

  • Question

  • Hi,

    I'm setting up a Network Policy Server (RADIUS).

    We have actually two DNS domains : 

    company.tld and company.xyz.tld

    The Active directory Domain is compagny.tld

    Our RADIUS should authenticate the users, even if they use the second DNS.

    For that, I have a dedicated connection request policy that matches the DNS domain. In the settings, I've configured a regex on the attribute User-Name.

    I have some trouble with this regex: I cannot match the dot (.)

    The only thing that works is when I replace "xyz" with nothing.

    Then, in the logs I can see that the domain became company..tld (double dot) and of course did not match any known domain.

    I tried everything : 

    replace xyz\. with nothing

    replace xyz\\. with nothing

    etc...

    I've looked a lot on Google, but it's still not working.

    The environment is : Windows 2016 Standard, Version 1607, OS Build : 14393.1883

    I also tried to look in the registry but I did not find the tree. I also have exported the config in xml and the content is consistent with what I've configured in the MMC.

    So I'm interested if you have any suggestion for me,

    Regards,

    Jean-Sébastien Stoffen

    Tuesday, August 20, 2019 1:58 PM

All replies

  • Hi,

    Please try the regular expression below.

    ^company|company.xyz\.tld$  

    You also can refer to the link below:

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-crp-reg-expressions 

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, August 21, 2019 1:51 AM
    Moderator
  • Hi, Thank you for your answer.

    Unfortunately it does not match the realm, so it's not modified.

    The account name is user@company.xyz.tld and I want to transform it to user@company.tld

    Regards,

    Jean-Sébastien Stoffen

    Wednesday, August 21, 2019 12:57 PM
  • Hi,

    Why do you need to use user@company.xyz.tld? 

    The user logon name should be user@company.tld.

    Best regards,

    Travis


    Thursday, August 22, 2019 1:57 AM
    Moderator
  • Hi,

    Thank you for your answer,

    Actually, we have 25 000 users using the realm company.xyz.tld for their wifi RADIUS authentication. We can't ask them to change.

    The NPS should authenticate the two realms.

    Normally NPS allows it via the regex manipulation, but for a strange reason I cannot make it match the dots...

    Thursday, August 22, 2019 11:54 AM
  • Hi,

    According to the link above, the regular expression of "." is "\.".

    The regular expression of "company.xyz.tld" is "^@company\.xyz\.tld$".

    Best regards,

    Travis


    Friday, August 23, 2019 7:25 AM
    Moderator
  • Hi Travis, 

    Thank you for your answer. I tried, but it is not working. I tried everything:

    (.*)@(.*) replace with $1@compagny.tld

    ^.*@compagny\.xyz\.tld replace with $1@compagny.tld

    xyz.*$ replace with compagny.tld

    In every case, I see in the logs that nothing has been changed; it's like the regex does not match anything.

    The only scenario where I can see that something was replaced is:

    xyz replace with nothing.

    But in that case, the result is company..tld (with a double dot) and of course, the error message is : "The specified domain does not exists"

    Friday, August 23, 2019 8:50 AM
  • It's really weird because actually our TLD is .be

    this is not working : 

    (.*)@company\.xyz\.be replace with : $1@company.be

    but this is working : 

    (.*)@company\.xyz\.be replace with : $1@company.bb

    So if the last character is an "e" in the replace part, the regex does not match anything!!!

    I think we are facing a strange bug in the software.

    If you have any suggestion,

    Regards,

    Jean-Sébastien Stoffen

    Friday, August 23, 2019 2:37 PM
  • Hi,

    I am trying to involve someone familiar with this topic to further look at this issue. If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible.

    Best regards,

    Travis


    Monday, August 26, 2019 2:04 AM
    Moderator
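
A baseline for the find/replace pairs tried in this thread, as an added example that is not part of the original posts: it runs them through the .NET regex engine with PowerShell's -match and -replace, which is not the NPS engine, so it only shows how a standard engine treats each pattern. The function name Test-RealmRewrite, the sample User-Name, the spelling company.tld in every pattern and the replacement given for the `^@company\.xyz\.tld$` pattern are assumptions.

```powershell
# Added example (not from the thread): baseline check with the .NET regex
# engine behind PowerShell's -match / -replace. This is not the NPS engine.
function Test-RealmRewrite {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $Find,
        [string] $Replace = ''
    )
    [pscustomobject]@{
        Find    = $Find
        Replace = $Replace
        Matched = $UserName -match $Find               # unanchored search, like a "find"
        Result  = $UserName -replace $Find, $Replace   # input returned unchanged if no match
    }
}

# Constructed sample User-Name, using the placeholder realm from the thread.
$user = 'user@company.xyz.tld'

# Single quotes keep PowerShell from expanding $1 before the regex engine sees it.
$rules = @(
    @{ Find = 'xyz';                     Replace = '' }                 # leaves the dot that followed "xyz"
    @{ Find = 'xyz\.';                   Replace = '' }                 # removes the label and its dot
    @{ Find = '^@company\.xyz\.tld$';    Replace = '@company.tld' }     # ^ anchors at the start of the whole name (replacement is constructed)
    @{ Find = '(.*)@(.*)';               Replace = '$1@company.tld' }   # $1 = everything before the last @
    @{ Find = '^.*@company\.xyz\.tld';   Replace = '$1@company.tld' }   # no capture group for $1 to refer to
    @{ Find = 'xyz.*$';                  Replace = 'company.tld' }      # "company." before the match is kept
    @{ Find = '(.*)@company\.xyz\.tld$'; Replace = '$1@company.tld' }   # anchored realm swap, user part kept
)

$results = foreach ($rule in $rules) {
    Test-RealmRewrite -UserName $user @rule
}
$results | Format-Table -AutoSize
```

Compare the Result column with the User-Name that NPS writes to its log for the same rule to see where the two engines agree and where they differ.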