SV: FR proxy to ACS and NPS with MS CHAP v2
Alan DeKok
aland at deployingradius.com
Tue Oct 26 16:15:24 CEST 2010
sbaror wrote:
> thank you guys for all the help. It still does not work, but I made some
> progress with the elimination testing.
> I cannot test PAP with my system. it support TTLS-MS CHAP v2 only.
> I used a test client (RadEap test) and successfully authenticated using
> EAP-MS CHAP v2 with the NPS. Also tested successfully PEAP-MS CHAP v2 using
> Wirelss 802.1x.
> So my NPS is fine. problem is with it conversation with the FR.
> I could not test naked MS CHAP v2 becasue i cannot find any system or test
> client which support it.
There's an MS-CHAPv1 client. You were already told where it was.
> Maybe the issue lies here. Maybe there is a misunderrstanding between the FR
> and NPS about the protocol.
I doubt that.
> Do you know if the MS CHAP v2 proxy from FR is naked or supposed to be
> EAP-MS CHAP v2?
> The NPS clearly shows it identifies it as naked.
You configured FreeRADIUS to proxy it that way.
> Has anyone ever manage to do this split authentication thing, when the FR is
> doing TLS and then proxy MS CHAP v2 to a non-FR server?
All the time. It works.
Alan DeKok.
More information about the Freeradius-Users
mailing list