SV: FR proxy to ACS and NPS with MS CHAP v2

SagiBarOr at
Thu Jul 29 14:39:46 CEST 2010

Sure. Here is the picture again: we are doing EAP-TTLS authnentcation with a
partial proxy. We call it "split authentication". One Freeradius server is
doing the TLS phase and then proxy the MS CHAP v2 portion to a second Free
Radius server. 
This works just fine. 
When we try to do the same when the second server (which does the MS CHAP v2
authentication) is not Free Radius, but rather MS NPS or Cisco ACS - the
authentication fails. The connection is refused becasue of bad username or
My question to the forum: although thesystem with 2 FR servers works fine,
can it be that there an issue with the MS CHAP v2 proxy, and only becasue
the second radius is also Free radius, then it tolarates it? 

I know it is a weird request to look for somthing non std or wrong in logs
of a susscessful session, but I still try my luck. Any lead can help. 

Appreciate yuor patience.

Alan DeKok-2 wrote:
> SagiBarOr wrote:
>> Here is another pair of logs which may be more focused than the previous
>> pair. It is of the LDAP portion only
>   Could you explain in *simple* terms what you want?  You've been
> posting large debug outputs with little or no explanation.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list