We have run a Cisco WiFi network that uses 802.1x to authentication logins against Active Directory.
Employees login using their UPN prefix, and all works well.
For various reasons we'd like users to be able to log in with their email address (stored in the mail attribute) instead. This doesn't map to the full UPN (the suffix is different, and our users are from a number of different email domains).
Rather than logging in as they currently do using firstname.lastname (which matches the UPN of firstname.lastname@activedirectory.domain we want them to use me@myemail.com or whatever their email address actually is.
We use Microsoft NPS for this currently, and have our Cisco WLC configured to use it as the RADIUS authentication sever.
Is there a way to change NPS to authentication users based on a different AD/LDAP attribute rather than only sAMAccountName/UPN?
