Article ID: 956923 - View products that this article applies to.
Consider the following scenario:
Note The User Mapping option is used to map VPN clients from non-Windows namespaces, such as RADIUS or Extensible Authentication Protocol (EAP) authenticated users, to the Windows namespace.
This problem occurs because ISA Server 2006 does not recognize that the RADIUS user name is a UPN name format and incorrectly adds the domain name in front of the user name. When the computer that is running ISA Server tries to perform the User Mapping later, it cannot find the user because the user name format is invalid.
To resolve this problem, apply the hotfix that is mentioned in the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/956925/ )Description of the ISA Server 2006 hotfix package: August 20, 2008
To work around this problem, the VPN users can specify their credentials in a Security Accounts Manager (SAM) name format (DomainName\UserName). This will allow ISA Server to appropriately parse the credentials and perform the user mapping.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates
Article ID: 956923 - Last Review: November 11, 2008 - Revision: 1.0