SV: FR proxy to ACS and NPS with MS CHAP v2

sbaror sagi.bar-or at intel.com
Sun Dec 5 23:40:38 CET 2010


Thank you for all the inputs. I resolved the issue. The root cause was the
missing domain name. 

Although the username is found in the active directory, the domain name must
be sent because it is part of the blob and most likely part of the hash (the
function is probably LsaLogonUser). 
If the domain name is not sent, then the error on the Domain Controller is
pwd incorrect. 
In my config the username was sent without a domain name. 
So first I changed the specific realm (nps.com) from strip to nostrip. This
sends the username with nps.com. 
Then I created a rule in NPS to replace "nps.com" with the right Intel
domain. 
...and it worked :)

The same applies for any other proxy server, not just NPS. 

Thanks
Sagi
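
An added illustration, not part of the original message: RFC 2759 derives the MS-CHAPv2 challenge as SHA-1 over both 16-octet challenges and the user name string, so a server that recomputes it from a User-Name the proxy has rewritten gets a different value than the client used. The `proxy_user_name` helper is a hypothetical model of a strip/nostrip realm rule, and the account `alice@nps.com` is constructed; the challenges are the sample values from RFC 2759 section 9.2.

```python
import hashlib

# Sample challenges from the RFC 2759 section 9.2 example exchange.
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 octets of SHA1(peer || auth || name)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def proxy_user_name(user_name: str, realm: str, strip: bool) -> str:
    """Hypothetical model of a proxy realm rule.

    strip=True  -> '@realm' is removed before forwarding
    strip=False -> the name is forwarded unchanged (nostrip)
    """
    suffix = "@" + realm
    if strip and user_name.lower().endswith(suffix.lower()):
        return user_name[: -len(suffix)]
    return user_name


def server_challenge_matches(client_name: str, realm: str, strip: bool) -> bool:
    """True if the home server derives the same 8-octet challenge as the client."""
    client_side = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, client_name)
    forwarded = proxy_user_name(client_name, realm, strip)
    server_side = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, forwarded)
    return client_side == server_side


if __name__ == "__main__":
    name = "alice@nps.com"  # constructed sample account
    for strip in (True, False):
        mode = "strip" if strip else "nostrip"
        sent = proxy_user_name(name, "nps.com", strip)
        ok = server_challenge_matches(name, "nps.com", strip)
        print(f"{mode:8} forwards {sent!r:18} challenge matches: {ok}")
```
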

