SV: FR proxy to ACS and NPS with MS CHAP v2
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Oct 12 15:37:15 CEST 2010
Hi,
> The issue is that the MS CHAP v2 authentication fails. it succeeds when the
> 2nd Radius is FR and fails with MS NPS.
> Sniffer traces show tha the dialog between the MS CHAP v2 FR and the DC is
> different then the one between the NPS and the DC.
I manage a system that involves several hundred RADIUS servers - in which
there are around two thirds FreeRADIUS, proxied through other systems (including
RADIATOR) and onto NPS for authentication and it works.
I'd suggest that you check the attribute filtering that you are doing - you must ensure
that some basic attributes pass through to the NPS or it will flop.
eg
Proxy-State =* ANY,
EAP-Message =* ANY,
MS-MPPE-Recv-Key =* ANY,
MS-MPPE-Send-Key =* ANY,
MS-CHAP-MPPE-Keys =* ANY,
Message-Authenticator =* ANY,
State =* ANY,
alan
More information about the Freeradius-Users
mailing list