One of our customer uses AD authentication when using remote access with Endpoint Connect. In the Endpoint Connect client, we are entering this AD username and password and this is working fine. The username is in the format: username.
But now, a second authentication step is needed with RADIUS and the RADIUS server requires the username to be in the pre-Windows 2000 format. So domain\username. We have configured the New Login Options feature within SmartConsole.
In this new setup, AD authentication works fine because the gateways recognizes the username by the entered username. But the second authentication step fails because the RADIUS server expects domain\username but just receives username.
If we enter domain\username in the Endpoint Connect client we get an unkown user right away.
Can we strip the domain part of the username entered in Endpoint Connect so Check Point recognizes the user, but send the complete name (including the domain) to the RADIUS server? Has anyone ever done this before?
Thanks for any help.