SV: FR proxy to ACS and NPS with MS CHAP v2

SagiBarOr sagi.bar-or at intel.com
Tue Jul 27 13:12:16 CEST 2010 

Thank you for the info Jan.  The radiusd-x files were included in the zip
files. Though I guess the other logs were overwhelming. 
I now posted the two log files here. 
The file cn-check_splitauth.log is from the first free radius. 
The file ldap_mschapv2.log is from the second FR server which does the MS
CHAP v2 portion. 
Note that everything works in this confioguration. No issues. What I like
the forum to advise, is what might be non std or missing in the MC CHAP v2
session, which FR overcomes it. 
When I replace the 2nd FR with MS NPS or Cisco NPS the authentication fails,
looks like because the pwd (hash) does not match. 
Thnks
Sagi



Madsen.Jan JMD wrote:
> 
> I think you need to stop the radius process and then start i with radiusd
> -X
> This will run freeradius in the window you are starting it in, in debug
> mode.
> 
> On a Linux it will look something like this
> /usr/sbin/freeradius -X (Default Debian install directory)
> 
> Or in a manually compiled 
> /opt/freeradius-1.1.8/sbin/radiusd -X (My install location)
> 
> And that output it comes from that is what Phil wants :)
> 
> Best regards
> Jan Madsen
> 
> 
> 
> -----Oprindelig meddelelse-----
> Fra: freeradius-users-bounces+jmd=kmd.dk at lists.freeradius.org
> [mailto:freeradius-users-bounces+jmd=kmd.dk at lists.freeradius.org] På vegne
> af SagiBarOr
> Sendt: 15. juli 2010 09:46
> Til: freeradius-users at lists.freeradius.org
> Emne: Re: FR proxy to ACS and NPS with MS CHAP v2
> 
> 
> Thank you for the clarification Phil. I am not sure what "radius -x"
> means. I
> posted the two output files I have. Are these the ones? If not, pls
> elaborate. 
> 
> Note that these are the output files for the two FR servers, for which
> eveything is just fine. What does not work is when the second server is
> not
> FR but NPS or ACS.  I hope this data will suffice to identify the issue or
> at least give good leads. 
> 
> 
> 
> 
> 
> Phil Mayers wrote:
>> 
>> On 07/14/2010 11:17 PM, SagiBarOr wrote:
>>>
>>> Files posted.
>> 
>> No.
>> 
>> Post the output of "radiusd -X" to the list.
>> 
>> We don't need anything else; just that.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> 
>> 
> http://old.nabble.com/file/p29170161/cn-check_splitauth.log
> cn-check_splitauth.log 
> http://old.nabble.com/file/p29170161/ldap_mschapv2.log ldap_mschapv2.log 
> -- 
> View this message in context:
> http://old.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp29132664p29170161.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> __________________________________________________________________________________________
> KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 
> 
> KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til
> Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til
> ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden
> Microsoft Gold Certified Partner og Certificeret SAP Hosting Center.
> 
> www.kmd.dk   www.kundenet.kmd.dk   www.organisator.dk  
> www.kmdinternational.com
> 
> Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig
> besked herom og slette den.
> If you received this e-mail by mistake, please notify me and delete it.
> Thank you.
> __________________________________________________________________________________________
> KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 
> 
> KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til
> Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til
> ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden
> Microsoft Gold Certified Partner og Certificeret SAP Hosting Center.
> 
> www.kmd.dk   www.kundenet.kmd.dk   www.organisator.dk  
> www.kmdinternational.com
> 
> Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig
> besked herom og slette den.
> If you received this e-mail by mistake, please notify me and delete it.
> Thank you.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 
http://old.nabble.com/file/p29275298/cn-check_splitauth.log
cn-check_splitauth.log 
http://old.nabble.com/file/p29275298/ldap_mschapv2.log ldap_mschapv2.log 
-- 
View this message in context: http://old.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp29132664p29275298.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list