User Identity Attribute

HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy

Data type Range Default value
REG_DWORD RADIUS attribute number By default, this entry does not appear in the registry.

Description

Specifies an alternate RADIUS attribute used to identify a user account in Active Directory for authentication and authorization.

By default, the value of the alternate attribute specified here is used only when the an access request does not include a user name, that is, when the request does not include a valid RADIUS User-Name attribute.

However, if the value of Override User-Name is 1, IAS must use the attribute specified in the value of this entry to identify the account, even when the request includes a valid User-Name attribute.

To specify an attribute, enter the Remote Access Dial-in User Service (RADIUS) attribute number for the attribute in decimal integers. For example, to identify users by their Caller ID or Automatic Number Identification (ANI), add this entry to the registry and set its value to 31, the RADIUS attribute number for Calling-Station-Id.

Note Image Note

If the attribute specified in this entry is not included in the request, IAS uses the value of the RADIUS User-Name attribute. If it is not present or valid, IAS uses the account specified in the value of Default User Identity, if any. Otherwise, the system uses the guest account for the local computer or the domain.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Tip Image Tip

RADIUS attributes are defined in RFC 2138. To find a list of RADIUS attributes, see RFC 2138, or see Remote access RADIUS Attributes.

Related Entries

Page Image

Page Image