proxy problem/question

VannMann32 . vannmann32 at hotmail.com
Mon Mar 6 10:49:37 CET 2006


Hi !


> > If I send ms-chap, then the proxy works. But if I send ms-chap-v2 then
> > i get this error message (from debug) :
>
>   That's nice.  What does the debug log on the other RADIUS server say?


Sorry no debug information, but here is some from the ms w2k3 ias log file :

vent Type:     Warning
Event Source:   IAS
Event Category: None
Event ID:       2
Date:           06.03.2006
Time:           09:03:06
User:           N/A
Computer:     XXXXXX
Description:
User edprp was denied access.
Fully-Qualified-User-Name = DOMAIN\username
NAS-IP-Address = 192.168.1.10
NAS-Identifier = vpn.domain.com
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = freeradius.domain.com
Client-IP-Address = 192.168.1.1
NAS-Port-Type = Virtual
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = MS-CHAPv2
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or 
incorrect
password was used.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 07 80               ...~@



> > Is this possible ? Should it work ? Is it possible to proxy ms-chap-v2 ?
>
>   Yes.  My guess is that the other RADIUS server doesn't understand
>MS-CHAPv2.

The other radius server is a Microsoft 2003 IAS server.

Just for the test i have installed a local vpn server which is able to send
ms-chap-v2 authentication to the same ms radius server and this is working 
100%





More information about the Freeradius-Users mailing list