This is the keychain screenshot of what we want to achieve, adding DOMAIN1 in front of the username, in order to be able to authenticate when the user goes to the office in DOMAIN2
The configuration pushed with JAMF is just:
Certificates form all the radius servers in both domains.
Network payload adding the Wifi SSID with auto join. No username, nor "use directory authentication", Users are prompted to introduce the username, if they were introducing domain1username the problem would go away but users wouldn't do that, hence the need to find a solution for this as users going to Domain2 would try to connect to the SSID and it would directly fail, it does not even re-prompt to introduce credentials, if that was the case we could tell the users roaming that they need to insert manually the domain1.
Radius servers (domain controllers) from those two domains have a trust relationship but are currently not looking for the user in the other domain unless domain is specified.
What I would require:
Add prefix on the keychain for 802.1x, for example apply users in the Location1 the prefix Domain1 and users in Location2 the prefix Domain2.
Any other suggestion would we welcome.