SV: FR proxy to ACS and NPS with MS CHAP v2

sbaror sagi.bar-or at intel.com
Tue Oct 26 10:29:32 CEST 2010


thank you guys for all the help. It still does not work, but I made some
progress with the elimination testing.  
I cannot test PAP with my system. it support TTLS-MS CHAP v2 only. 
I used a test client (RadEap test) and successfully authenticated using
EAP-MS CHAP v2 with the NPS. Also tested successfully PEAP-MS CHAP v2 using
Wirelss 802.1x. 
So my NPS is fine. problem is with it conversation with the FR. 
I could not test naked MS CHAP v2 becasue i cannot find any system or test
client which support it. 
Maybe the issue lies here. Maybe there is a misunderrstanding between the FR
and NPS about the protocol. 

Do you know if the MS CHAP v2 proxy from FR is naked or supposed to be
EAP-MS CHAP v2?
The NPS clearly shows it identifies it as naked. 

Has anyone ever manage to do this split authentication thing, when the FR is
doing TLS and then proxy MS CHAP v2 to a non-FR server?

Thnks
Sagi 
-- 
View this message in context: http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp2778983p3236701.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



More information about the Freeradius-Users mailing list