FR 2.1.0 (ubuntu) proxying to NPS/IAS.

Ville Leinonen ville.leinonen at solodel.com
Mon Aug 31 09:59:55 CEST 2009 

Hi,

I try to use FR to forwarding access-request to NPS servers, but some
reason FR/NPS gives "User password is incorrect" message. I have tripple
check that password is correct. When i test IAS to NPS proxy it works. I
have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods.


Any clue what is wrong? Here is some logs:

rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57,
length=154
        User-Name = "vle"
        User-Password = "\2063\261m\301\344J\216sCÑ \035\003\2328"
        NAS-Port = 626688
        Called-Station-Id = "192.168.21.150"
        Calling-Station-Id = "192.168.1.114"
        NAS-Port-Type = Virtual
        Tunnel-Client-Endpoint:0 = "192.168.1.114"
        NAS-IP-Address = 192.168.21.150
        Cisco-AVPair = "ip:source-ip=192.168.1.114"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "vle", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "vle"
[suffix] Adding Realm = "NULL"
[suffix] Proxying request from user vle to realm NULL
[suffix] Preparing to proxy authentication request to realm "NULL"
++[suffix] returns updated
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 118 to 192.168.21.200 port 1812
        User-Name = "vle"
        User-Password = "\2063\261m\301\344J\216sCÑ \035\003\2328"
        NAS-Port = 626688
        Called-Station-Id = "192.168.21.150"
        Calling-Station-Id = "192.168.1.114"
        NAS-Port-Type = Virtual
        Tunnel-Client-Endpoint:0 = "192.168.1.114"
        NAS-IP-Address = 192.168.21.150
        Cisco-AVPair = "ip:source-ip=192.168.1.114"
        Proxy-State = 0x3537
Proxying request 0 to home server 192.168.21.200 port 1812
Sending Access-Request of id 118 to 192.168.21.200 port 1812
        User-Name = "vle"
        User-Password = "\2063\261m\301\344J\216sCÑ \035\003\2328"
        NAS-Port = 626688
        Called-Station-Id = "192.168.21.150"
        Calling-Station-Id = "192.168.1.114"
        NAS-Port-Type = Virtual
        Tunnel-Client-Endpoint:0 = "192.168.1.114"
        NAS-IP-Address = 192.168.21.150
        Cisco-AVPair = "ip:source-ip=192.168.1.114"
        Proxy-State = 0x3537
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Reject packet from host 192.168.21.200 port 1812, id=118,
length=52
        Proxy-State = 0x3537
        Reply-Message = "User password is incorrect"

Br,

Ville

More information about the Freeradius-Users mailing list