FreeRadius proxy to MS-NPS for MSCHAPv2 authentication.

Alan DeKok aland at
Wed May 16 13:47:39 CEST 2012

Jan Hugo Prins wrote:
> So, far all the packets going from the radius server to the DC contain
> the user-name and the packets coming from the Aruba to the radius server
> also contain the username, so that seems to be ok for now.

  That's good.

> The problem I'm now facing is that I don't seem to get any
> authentication working. When I use radtest to test the whole radius
> setup from radius server to DC I get the following which looks ok to me:
> [root at radius01 ~]# radtest -x -t mschap user01 at poc.domain.fqdn xxxxxxxx

  OK, that's nice.

> But when I try to do the same from my laptop trying to do 802.1x through
> the Aruba it works fine authenticating directly to my radius server /
> openldap combination but proxying to the AD fails. I have attached the
> logfiles of the radius server.
> On the AD I get an error in the eventlog telling the folloing:
> Does anyone have an idea what problem I'm facing here?

  Ask Microsoft what's wrong with their system.

  The debug log you posted also shows that IAS is slow and/or discarding
packets.  Go fix that.

  Alan DeKok.

More information about the Freeradius-Users mailing list