How to send domain\SamAccountname to Radius Client with domain drop down


Article ID: CTX237992


Description

The RADIUS server accepts usernames only in the format domain\username.
The RADIUS server is a Vasco RADIUS server.
We only have RADIUS authentication.
There is no LDAP authentication.
We have multiple domains for authentication, with a domain drop-down policy.
When the user enters the sAMAccountName and selects the domain from the drop-down, we get the error "Invalid username and password".
If we enter the UPN, it works fine.
If we enter domain\username, authentication works fine.
 


Instructions

Unbind the rewrite policy created for the domain drop-down on the Gateway Vserver.
Unbind the RADIUS authentication policy from the Gateway Vserver.
Create an AAA Vserver.
Create a login schema policy with the expression TRUE and the domaindrop.xml schema file.


In the profile, select domaindrop.xml.

The default file only has options for 2 domains.
To add more domains to the drop-down:
Download the domaindropdown.xml file.
Edit the file and add the line </DisplayValue><DisplayValue><Display>abc.com</Display><Value>abc.com</Value>
 
<?xml version="1.0" encoding="UTF-8"?><AuthenticateResponse xmlns="http://citrix.com/authentication/response/1">
<Status>success</Status>
<Result>more-info</Result>
<StateContext/>
<AuthenticationRequirements>
<PostBack>/nf/auth/doAuthentication.do</PostBack>
<CancelPostBack>/nf/auth/doLogoff.do</CancelPostBack>
<CancelButtonText>Cancel</CancelButtonText>
<Requirements>
<Requirement><Credential><ID>login</ID><SaveID>ExplicitForms-Username</SaveID><Type>username</Type></Credential><Label><Text>domaindropdown_new_user_name</Text><Type>nsg-login-label</Type></Label><Input><AssistiveText>domaindropdown_new_please_supply_either_domain\username_or_user@fully.qualified.domain</AssistiveText><Text><Secret>false</Secret><ReadOnly>false</ReadOnly><InitialValue/><Constraint>.+</Constraint></Text></Input></Requirement>
<Requirement><Credential><ID>passwd</ID><SaveID>ExplicitForms-Password</SaveID><Type>password</Type></Credential><Label><Text>domaindropdown_new_password</Text><Type>nsg-login-label</Type></Label><Input><Text><Secret>true</Secret><ReadOnly>false</ReadOnly><InitialValue/><Constraint>.+</Constraint></Text></Input></Requirement>
<Requirement><Credential><ID>domain</ID><Type>none</Type></Credential><Label><Type>none</Type></Label><Input><ComboBox><InitialSelection>unspecified</InitialSelection><DisplayValues><DisplayValue><Display>select a domain</Display><Value>unspecified</Value></DisplayValue><DisplayValue><Display>abc.com</Display><Value>abc.com</Value></DisplayValue><DisplayValue><Display>abc.com</Display><Value>abc.com</Value></DisplayValue><DisplayValue><Display>TEST.com</Display><Value>TEST.COM</Value></DisplayValue></DisplayValues></ComboBox></Input></Requirement>
<Requirement><Credential><Type>none</Type></Credential><Label><Text>domaindropdown_new_please_select_domain_to_continue_login_...</Text><Type>nsg_confirmation</Type></Label><Input/></Requirement>
<Requirement><Credential><ID>loginBtn</ID><Type>none</Type></Credential><Label><Type>none</Type></Label><Input><Button>domaindropdown_new_log_on</Button></Input></Requirement>
</Requirements>
</AuthenticationRequirements>
</AuthenticateResponse>

Save the file under a different name.
Now go to the login schema profile we created.


Select the upload option and upload the XML file we created.
Bind this login schema to the AAA Vserver.
Create one more login schema with the name no schema.

Click Add.
Give the profile a name.
Leave the default option as no Schema.
Under User Expression, add AAA.LOGIN.DOMAIN+"\\"+AAA.LOGIN.USERNAME
Click Create.

We will create 2 authentication policies under AAA Vserver -> Authentication -> Advanced Authentication.
Create a No Auth policy with the expression http.req.url.contains("/nf/auth/doAuthentication.do") and the action No_AUTHN.


Create one more policy for RADIUS authentication.


Now go to AAA Vserver -> Edit -> Advanced Authentication Policy.
Bind the authentication policy.
First select the No Auth policy.
As the next factor, select the RADIUS policy with the login schema "Noschema" created earlier.


Create an authentication profile and select the target AAA Vserver.
Bind it to the Gateway VPN Vserver.
Save the Config.
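
For the step above that adds more domains to the login schema file, the entries can be added with a script rather than pasted by hand, which also confirms the file is still well-formed XML before it is uploaded. This is an added example, not code from the original article or from Citrix; `add_domains`, `domain_values` and the domain `example.net` are hypothetical names, and the sample input is a constructed excerpt of the schema shown above.

```python
import xml.etree.ElementTree as ET

NS = "http://citrix.com/authentication/response/1"  # namespace of the schema on this page
ET.register_namespace("", NS)  # write the result with the same default namespace

def _q(tag):
    return "{%s}%s" % (NS, tag)

def domain_values(root):
    """Return <DisplayValues> of the Requirement whose Credential ID is 'domain'."""
    for req in root.iter(_q("Requirement")):
        if req.findtext(_q("Credential") + "/" + _q("ID")) == "domain":
            box = req.find("/".join(map(_q, ("Input", "ComboBox", "DisplayValues"))))
            if box is not None:
                return box
    raise ValueError("schema has no domain ComboBox")

def add_domains(schema, domains):
    """Return (schema_bytes, values) with every domain listed exactly once."""
    root = ET.fromstring(schema)  # ParseError: the file is not well-formed XML
    box = domain_values(root)
    seen = set()  # assumption: domain names compare case-insensitively
    for entry in list(box):  # drop duplicates left behind by hand edits
        key = entry.findtext(_q("Value"), "").lower()
        if key in seen:
            box.remove(entry)
        seen.add(key)
    for name in domains:
        if name.lower() not in seen:
            entry = ET.SubElement(box, _q("DisplayValue"))
            ET.SubElement(entry, _q("Display")).text = name
            ET.SubElement(entry, _q("Value")).text = name
            seen.add(name.lower())
    values = [e.findtext(_q("Value")) for e in box]
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True), values

# Constructed sample: only the domain Requirement from the schema above.
SAMPLE = (
    b'<?xml version="1.0" encoding="UTF-8"?><AuthenticateResponse xmlns="http://citrix.com/authentication/response/1">'
    b"<AuthenticationRequirements><Requirements><Requirement><Credential><ID>domain</ID><Type>none</Type></Credential>"
    b"<Input><ComboBox><InitialSelection>unspecified</InitialSelection><DisplayValues>"
    b"<DisplayValue><Display>select a domain</Display><Value>unspecified</Value></DisplayValue>"
    b"<DisplayValue><Display>abc.com</Display><Value>abc.com</Value></DisplayValue>"
    b"<DisplayValue><Display>abc.com</Display><Value>abc.com</Value></DisplayValue>"
    b"<DisplayValue><Display>TEST.com</Display><Value>TEST.COM</Value></DisplayValue>"
    b"</DisplayValues></ComboBox></Input></Requirement></Requirements></AuthenticationRequirements></AuthenticateResponse>"
)
if __name__ == "__main__":
    print(add_domains(SAMPLE, ["example.net", "test.com"])[1])
```

The Value of each entry is what AAA.LOGIN.DOMAIN carries into the user expression, so it has to match the domain part the RADIUS server expects.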