Authentication: Support use of NetBIOS domain in username
My idea is about authentication.
There is a problem with Active Directory authentication. It's possible to use the domain name (firstname.lastname@example.org) to log in to the User Portal, L2TP VPN, etc., but it's not possible to use the NetBIOS name (company\user). Sophos XG says the user does not exist or his password is not correct. I think this happens because XG automatically adds "company" in front, so when you type company\user it actually becomes "company\company\user", which is not valid, but when it is email@example.com it becomes "company\user@company.com", which is valid. It can be seen in the log.
It will be very good to have a verification of whether NetBIOS is included. This will be very useful with MSCHAPV2 because this protocol allows you to automatically get the username, password, domain name and NetBIOS from your Microsoft Windows login credentials. For example, a client logs in to a Windows PC, and if she/he uses L2TP VPN with RADIUS she/he doesn't need to enter her/his credentials again. It can be done automatically with MSCHAPV2.
We need this as well.
Sebastian Sidor commented
When connecting to an L2TP VPN using automatic Windows credentials, it sends domain\username authentication, which is not allowed by the firewall. If I manually just type in the username without the domain, it works. All of our users have used this feature and it worked great on the Astaro. Unfortunately, now it doesn't work.
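
The thread describes an already-qualified name (company\user) being prefixed a second time. As an added example (not Sophos code and not part of the original thread), this is a login-name normalizer that maps the bare, `NETBIOS\user` and `user@domain` forms to one principal and rejects anything ambiguous; the values `COMPANY` and `company.com`, the character filter and all function names are assumptions made for the example.

```python
import re
from typing import NamedTuple

# Constructed configuration for this example (not taken from any product).
NETBIOS_DOMAIN = "COMPANY"
DNS_DOMAIN = "company.com"

# Conservative filter for the user part: no separators, whitespace or
# directory-special characters. The 64-character limit is an assumption.
_USER_RE = re.compile(r'[^\\/@\s"\[\]:;|=,+*?<>]{1,64}')


class Principal(NamedTuple):
    user: str     # account name, lower-cased (AD logon names are case-insensitive)
    netbios: str  # NetBIOS domain, upper-cased


def normalize_login(raw, netbios=NETBIOS_DOMAIN, dns=DNS_DOMAIN):
    """Accept 'user', 'NETBIOS\\user' or 'user@dns.domain'; return one Principal."""
    name = raw.strip()
    # More than one separator, or both kinds at once, has no single reading.
    if name.count("\\") > 1 or name.count("@") > 1 or ("\\" in name and "@" in name):
        raise ValueError("ambiguous login name")
    if "\\" in name:
        domain, user = name.split("\\")
        # Already qualified: verify the domain instead of prefixing it again.
        if domain.upper() != netbios.upper():
            raise ValueError("unknown NetBIOS domain")
    elif "@" in name:
        user, domain = name.split("@")
        if domain.lower() != dns.lower():
            raise ValueError("unknown DNS domain")
    else:
        user = name
    if not _USER_RE.fullmatch(user):
        raise ValueError("invalid user name")
    return Principal(user.lower(), netbios.upper())


def to_downlevel(p):
    """Render the single canonical form sent to the directory backend."""
    return f"{p.netbios}\\{p.user}"


if __name__ == "__main__":
    for sample in ("user", "company\\user", "User@Company.com"):  # constructed inputs
        print(sample, "->", to_downlevel(normalize_login(sample)))
```

Qualifying the name exactly once, after parsing, means the form Windows sends automatically and the form a user types by hand resolve to the same account, while a name for a different domain fails closed instead of being silently rewritten.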