NPS: User Identity Attribute

Applies To: Windows Server 2008, Windows Server 2008 R2

When you deploy the Routing and Remote Access service (RRAS) as a dial-up server, you can use the User Identity Attribute registry setting to instruct Network Policy Server (NPS) to use the value of the Calling-Station-ID attribute, which is a Remote Authentication Dial-In User Service (RADIUS) attribute, as the identity of the calling user.

Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

Registry path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy

The RADIUS attribute that NPS uses to identify the user is configurable by setting the User Identity Attribute registry setting.

You can change the value of this entry to the number of the RADIUS attribute that is used for the user identity. To assign the Calling-Station-ID attribute value, change the entry value to 31. By default, User Identity Attribute is set to 1, the RADIUS type value for the User-Name RADIUS attribute.

This registry setting tells the authenticating server to use the calling number (RADIUS attribute 31, Calling-Station-ID) as the identity of the calling user. The user identity is set to the calling number only when there is no user name being supplied in the connection attempt.