
Ondrej Sevecek's English Pages

December 17
How to match domain names in NPS logins

If you implement a custom Connection Request Policy on an NPS (Network Policy Server) server, you may want to forward authentication requests to a remote RADIUS server group. You may base the forwarding decision on a number of request attributes coming from the RADIUS client (such as a VPN gateway or a WiFi access point) as well as those passed through from its access client (the actual VPN client or WiFi client).

One of the attributes that you can check is the user name or user login. You may want to match user login names against domain names and forward the RADIUS requests for authentication to different remote RADIUS server groups. When using the user name attribute for connection request policy matching, you specify a regular expression (regex) to match the domain name. The following are examples of how to do it depending on the format of the login used:

- what: match a NetBIOS domain name followed by a backslash
  login: domainA\kamil
  regex: ^domainA\\.+

- what: match an FQDN domain name preceded by the at sign @
  login: kamil@domainB.com
  regex: .+@domainB\.com$

- what: longer fully qualified domain name
  login: kamil@ad.domainB.local
  regex: .+@ad\.domainB\.local$

- what: both NetBIOS and DNS domain names
  login: domainA\kamil or kamil@domainA.local
  regex: (^domainA\\.+)|(.+@domainA\.local$)

Note that the caret ^ character means the beginning of the string while the dollar sign $ means the end of the string, dot-plus .+ means at least a single character, and the dot and backslash must be escaped with another backslash. You can always verify the functionality from PowerShell just like in the following examples:

'domainA\kamil' -match '^domainA\\.+'
'domainXXX\kamil' -match '^domainA\\.+'
'kamil@domainB.com' -match '.+@domainB\.com$'
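
The one-line checks above can be grown into a table-driven test, shown here as an added example that is not part of the original post: it runs constructed logins, including near-miss names, against the patterns from the table and reports which remote RADIUS server group each login would reach. The group names and the first-match-wins evaluation order are assumptions made for illustration.

```powershell
# Patterns as in the table above; the group names are hypothetical placeholders.
$policies = [ordered]@{
    'RadiusGroupA'   = '(^domainA\\.+)|(.+@domainA\.local$)'
    'RadiusGroupB'   = '.+@domainB\.com$'
    'RadiusGroupBAD' = '.+@ad\.domainB\.local$'
}

# Constructed sample logins with the group each one is expected to reach
# ($null means no policy should match and nothing is forwarded).
$cases = @(
    @{ Login = 'domainA\kamil';             Expect = 'RadiusGroupA' }
    @{ Login = 'kamil@domainA.local';       Expect = 'RadiusGroupA' }
    @{ Login = 'kamil@domainB.com';         Expect = 'RadiusGroupB' }
    @{ Login = 'kamil@ad.domainB.local';    Expect = 'RadiusGroupBAD' }
    @{ Login = 'domainXXX\kamil';           Expect = $null }
    @{ Login = 'kamil@domainBxcom';         Expect = $null }  # the dot must be literal
    @{ Login = 'kamil@domainB.com.example'; Expect = $null }  # $ must anchor the end
    @{ Login = 'xdomainA\kamil';            Expect = $null }  # ^ must anchor the start
    @{ Login = '@domainB.com';              Expect = $null }  # .+ requires a user part
)

function Get-MatchingGroup([string]$Login, $Policies) {
    # Assumption: policies are tried in order and the first match applies.
    # Note: -match ignores case; -cmatch is the case-sensitive operator.
    foreach ($name in $Policies.Keys) {
        if ($Login -match $Policies[$name]) { return $name }
    }
    return $null
}

$results = foreach ($c in $cases) {
    $actual = Get-MatchingGroup $c.Login $policies
    [pscustomobject]@{
        Login  = $c.Login
        Group  = $actual
        Expect = $c.Expect
        Pass   = ($actual -eq $c.Expect)
    }
}
$results | Format-Table -AutoSize

# Contrast: the domainB pattern with the dot unescaped and no $ anchor,
# run on the two look-alike logins from the cases above.
'kamil@domainBxcom', 'kamil@domainB.com.example' |
    ForEach-Object { '{0} -> {1}' -f $_, ($_ -match '.+@domainB.com') }
```

Any row with Pass set to False points at a pattern that forwards, or fails to forward, a login it should not; rerun the script after every regex change before updating the policy.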

Wish you happy time with your NPS :-)

Comments

What regular expression would you use ...

... to replace @ulb.ac.be with @ulb.be ?

I have an issue with the "." (dot)

Thanks in advance for any input !

:-)
 on 08/08/2019 15:15

Re: How to match domain names in NPS logins

you must escape the dot with backslash: \.

 on 12/08/2019 11:54

what if you don't want to use a domain name

what if you don't want to use a domain name
 on 18/02/2020 19:29

what if you don't want to use a domain name

what if you don't want to use a domain name
 on 18/02/2020 22:27
