Sergey_Anikeev
Contributor

RADIUS and 2F OTP

Hello everyone,

Please help, maybe someone has already encountered such a situation?

We have the R81.20 Gaia system.

The VPN Remote Access functionality is deployed on the cluster.

Users who connect via VPN are located in two different MS domains.

At the moment, authentication for users is configured using Username and Password, and we want to add 2FA as an OTP via RADIUS.

At the same time, users successfully connect using Username and Password, but as soon as we enable RADIUS->OTP, a problem occurs.

If there are two or more domains, the MFA service identifies users by the domain\ prefix in the username.

For automatic recognition, it is necessary to add data about the user's domain so that the RADIUS server, when receiving this data from the gateway (during the client connection), can filter the user's destination to a specific domain and transfer this data to the MFA service.

How can we configure the gateway to add the user's domain name to the NAS-Identifier field (or any other parameter) and send this data to the RADIUS server during data transfer to the RADIUS server?

In other words, we want to filter users by domain and send this information to the RADIUS server.

To do this, the domain name must be added to the field, for example, NAS-ID, depending on which domain the user is in.

0 Kudos
0 Replies
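
As an added example (not part of the original post, and not Check Point or MFA-vendor code), this sketch shows how a RADIUS front end could pick the target domain from an Access-Request: first from the `domain\` prefix in User-Name, then from NAS-Identifier as the post proposes. The domain names, NAS-Identifier values and function names are assumptions; it covers only the receiving side, not the gateway configuration.

```python
import struct

USER_NAME, NAS_IDENTIFIER = 1, 32   # attribute types from RFC 2865
ACCESS_REQUEST = 1

def parse_access_request(packet: bytes) -> dict:
    """Return {attribute type: [values]} for a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def resolve_domain(packet, known_domains, nas_id_to_domain):
    """Return (domain, user); domain is None when nothing identifies it."""
    attrs = parse_access_request(packet)
    name = attrs.get(USER_NAME, [b""])[0].decode("utf-8", "replace")
    prefix, sep, user = name.partition("\\")
    if sep and prefix.upper() in known_domains:
        return prefix.upper(), user
    if sep:  # unknown prefix: refuse rather than guess
        return None, user
    nas_id = attrs.get(NAS_IDENTIFIER, [b""])[0].decode("utf-8", "replace")
    return nas_id_to_domain.get(nas_id), name

def build_request(user, nas_id=None):
    """Constructed sample packet (no User-Password; authenticator zeroed)."""
    body = b""
    for a_type, value in ((USER_NAME, user), (NAS_IDENTIFIER, nas_id)):
        if value is not None:
            raw = value.encode()
            body += bytes([a_type, len(raw) + 2]) + raw
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body

KNOWN = {"CORP-A", "CORP-B"}             # hypothetical domain names
NAS_MAP = {"vpn-gw-corp-b": "CORP-B"}    # hypothetical NAS-Identifier values
```

A request whose prefix is not in the known set returns no domain even when NAS-Identifier would map to one, so a mistyped or unexpected prefix is rejected instead of being routed to the wrong directory.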
