SV: FR proxy to ACS and NPS with MS CHAP v2

sbaror at
Sun Dec 5 23:40:38 CET 2010

Thank you for all the inputs. I resolved the issue. The root casue was the
missing domain name. 

Although the username is found in the active directory, the domain name must
be sent because it is part of the blob and most likley part of the hash (the
function is probably LsaLogonUser). 
if the domain name is not sent than the error on the Domain Controller is
pwd incorrect. 
In my config the username was sent without a domain name. 
So first I changed the specific realm ( from strip to nostrip. This
send the username with 
than I created a rule in NPS to replace "" with the right Intel
...and it worked :)

The same applies for any other proxy server, not just NPS. 

View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list