
External radius server sequence advance attributes

M. Wisely
Level 4

We're starting to implement a new shared wireless network and I need to figure out how to change the username format sent to the external RADIUS servers.

The username currently is in the format <host>.<domain> and we need to send <host>@<domain>. It seems possible to do this in advanced attribute settings -> Modify attribute in the request.

Advanced attribute settings.png

I'm unsure of the format, I'd appreciate any guidance.

Thanks

1 Accepted Solution

hslai
Cisco Employee

I think it accepts only a static text string, and I do not think this is the place for such an ID rewrite. If the target RADIUS server is ISE 1.3+ and the ID store is AD, then please use the AD Identity Rewrite.


3 Replies

Thanks for your help. I guess I'll have to figure out how to send the correct username format in AD.

Hi hslai,

Sorry to pick up this older post, but I have a similar situation where I'm trying to add the domain suffix to a username RADIUS attribute. The situation is as follows: we are using Cisco FMC with external RADIUS authentication towards Cisco ISE, but FMC is not able to add domain suffixes to usernames. In ISE we have AD integration and authenticate against AD; here we can use identity rewrite. But the policies also check the users' internal group membership, and this doesn't work because ISE cannot match a RADIUS request without a suffix with an internal user with a suffix. ISE is being used for device administration for Stealthwatch, DNA, switches, WLCs, etc., so the internal accounts are configured with external authentication against AD. But towards AD I can use the Identity Rewrite, but I can't match on group membership.

Is it possible to configure ISE to forward the RADIUS request to itself and manipulate the username attribute by adding the domain suffix? The question comes down to: can you use variables in the "Modify attribute in the request" section underneath the "Radius server sequence"?

See example in screen below.

RADIUS server sequence.png

Thanks in advance