proxy problem/question
VannMann32 .
vannmann32 at hotmail.com
Mon Mar 6 10:49:37 CET 2006
Hi !
> > If I send ms-chap, then the proxy works. But if I send ms-chap-v2 then
> > i get this error message (from debug) :
>
> That's nice. What does the debug log on the other RADIUS server say?
Sorry no debug information, but here is some from the ms w2k3 ias log file :
vent Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 06.03.2006
Time: 09:03:06
User: N/A
Computer: XXXXXX
Description:
User edprp was denied access.
Fully-Qualified-User-Name = DOMAIN\username
NAS-IP-Address = 192.168.1.10
NAS-Identifier = vpn.domain.com
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = freeradius.domain.com
Client-IP-Address = 192.168.1.1
NAS-Port-Type = Virtual
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = MS-CHAPv2
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or
incorrect
password was used.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 07 80 ...~@
> > Is this possible ? Should it work ? Is it possible to proxy ms-chap-v2 ?
>
> Yes. My guess is that the other RADIUS server doesn't understand
>MS-CHAPv2.
The other radius server is a Microsoft 2003 IAS server.
Just for the test i have installed a local vpn server which is able to send
ms-chap-v2 authentication to the same ms radius server and this is working
100%
More information about the Freeradius-Users
mailing list