FR proxy to ACS and NPS with MS CHAP v2

SagiBarOr sagi.bar-or at intel.com
Wed Jul 14 20:18:06 CEST 2010


We are developing a security scheme in which we use EAP TTLS MS CHAP v2 with
Proxy.  The TTLS phase is done with the first AAA server, and the second
step, with MS CHAP v2, is proxied to another AAA (which is an LDAP server). 
When the first AAA server is FR and the second one is also FV, then
authentication is OK. 
When the second AAA server is ACS (Cisco) or NPS (MS), the MS CHAP v2
authentication fails. 
We preformed troubleshooting and elimination testing which indicate the
issue is with the pwd. Not with the user name. For example it also fails
with the local DB of the 2nd AAA server. Also the verbose error log shows
the user account is found. 
Looks like something is wrong with the pwd hash. 
will most appreciate your expert opinion. 
Thnks
Sagi


-- 
View this message in context: http://old.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp29132664p29132664.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.





More information about the Freeradius-Users mailing list