SV: FR proxy to ACS and NPS with MS CHAP v2

SagiBarOr sagi.bar-or at intel.com
Thu Jul 29 14:26:02 CEST 2010 

Here is another pair of logs which may be more focused than the previous
pair. It is of the LDAP portion only



SagiBarOr wrote:
> 
> Thank you for the info Jan.  The radiusd-x files were included in the zip
> files. Though I guess the other logs were overwhelming. 
> I now posted the two log files here. 
> The file cn-check_splitauth.log is from the first free radius. 
> The file ldap_mschapv2.log is from the second FR server which does the MS
> CHAP v2 portion. 
> Note that everything works in this confioguration. No issues. What I like
> the forum to advise, is what might be non std or missing in the MC CHAP v2
> session, which FR overcomes it. 
> When I replace the 2nd FR with MS NPS or Cisco NPS the authentication
> fails, looks like because the pwd (hash) does not match. 
> Thnks
> Sagi
> 
> 
> 
> Madsen.Jan JMD wrote:
>> 
>> I think you need to stop the radius process and then start i with radiusd
>> -X
>> This will run freeradius in the window you are starting it in, in debug
>> mode.
>> 
>> On a Linux it will look something like this
>> /usr/sbin/freeradius -X (Default Debian install directory)
>> 
>> Or in a manually compiled 
>> /opt/freeradius-1.1.8/sbin/radiusd -X (My install location)
>> 
>> And that output it comes from that is what Phil wants :)
>> 
>> Best regards
>> Jan Madsen
>> 
>> 
>> 
>> -----Oprindelig meddelelse-----
>> Fra: freeradius-users-bounces+jmd=kmd.dk at lists.freeradius.org
>> [mailto:freeradius-users-bounces+jmd=kmd.dk at lists.freeradius.org] På
>> vegne af SagiBarOr
>> Sendt: 15. juli 2010 09:46
>> Til: freeradius-users at lists.freeradius.org
>> Emne: Re: FR proxy to ACS and NPS with MS CHAP v2
>> 
>> 
>> Thank you for the clarification Phil. I am not sure what "radius -x"
>> means. I
>> posted the two output files I have. Are these the ones? If not, pls
>> elaborate. 
>> 
>> Note that these are the output files for the two FR servers, for which
>> eveything is just fine. What does not work is when the second server is
>> not
>> FR but NPS or ACS.  I hope this data will suffice to identify the issue
>> or
>> at least give good leads. 
>> 
>> 
>> 
>> 
>> 
>> Phil Mayers wrote:
>>> 
>>> On 07/14/2010 11:17 PM, SagiBarOr wrote:
>>>>
>>>> Files posted.
>>> 
>>> No.
>>> 
>>> Post the output of "radiusd -X" to the list.
>>> 
>>> We don't need anything else; just that.
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>> 
>>> 
>> http://old.nabble.com/file/p29170161/cn-check_splitauth.log
>> cn-check_splitauth.log 
>> http://old.nabble.com/file/p29170161/ldap_mschapv2.log ldap_mschapv2.log 
>> -- 
>> View this message in context:
>> http://old.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp29132664p29170161.html
>> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> __________________________________________________________________________________________
>> KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 
>> 
>> KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til
>> Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til
>> ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden
>> Microsoft Gold Certified Partner og Certificeret SAP Hosting Center.
>> 
>> www.kmd.dk   www.kundenet.kmd.dk   www.organisator.dk  
>> www.kmdinternational.com
>> 
>> Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig
>> besked herom og slette den.
>> If you received this e-mail by mistake, please notify me and delete it.
>> Thank you.
>> __________________________________________________________________________________________
>> KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 
>> 
>> KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til
>> Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til
>> ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden
>> Microsoft Gold Certified Partner og Certificeret SAP Hosting Center.
>> 
>> www.kmd.dk   www.kundenet.kmd.dk   www.organisator.dk  
>> www.kmdinternational.com
>> 
>> Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig
>> besked herom og slette den.
>> If you received this e-mail by mistake, please notify me and delete it.
>> Thank you.
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> 
>> 
>  http://old.nabble.com/file/p29275298/cn-check_splitauth.log
> cn-check_splitauth.log 
> http://old.nabble.com/file/p29275298/ldap_mschapv2.log ldap_mschapv2.log 
> 
http://old.nabble.com/file/p29295911/1st%2BAAA-ldap_mschapv2.log
1st+AAA-ldap_mschapv2.log 
http://old.nabble.com/file/p29295911/2nd%2BAAA-cn-check_splitauth.log
2nd+AAA-cn-check_splitauth.log 
-- 
View this message in context: http://old.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp29132664p29295911.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list