SV: FR proxy to ACS and NPS with MS CHAP v2

Alan DeKok aland at deployingradius.com
Tue Oct 12 15:49:30 CEST 2010


sbaror wrote:
> Hi Alan
> The issue is that the MS CHAP v2 authentication fails. it succeeds when the
> 2nd Radius is FR and fails with MS NPS. 
> Sniffer traces show tha the dialog between the MS CHAP v2 FR and the DC is
> different then the one between the NPS and the DC. 

  Yes.  NPS uses magic AD protocols.  Samba (which FreeRADIUS uses)
implements the old NT protocols.

  That doesn't matter.

  What matters is configuring FreeRADIUS correctly.  It's not hard to
set up ntlm_auth to AD.  It's documented in a number of places,
including my web site:

	http://deployingradius.com

  Alan DeKok.



More information about the Freeradius-Users mailing list