FreeRadius proxy to MS-NPS for MSCHAPv2 authentication.
Alan DeKok
aland at deployingradius.com
Wed May 16 13:47:39 CEST 2012
Jan Hugo Prins wrote:
> So, far all the packets going from the radius server to the DC contain
> the user-name and the packets coming from the Aruba to the radius server
> also contain the username, so that seems to be ok for now.
That's good.
> The problem I'm now facing is that I don't seem to get any
> authentication working. When I use radtest to test the whole radius
> setup from radius server to DC I get the following which looks ok to me:
>
> [root at radius01 ~]# radtest -x -t mschap user01 at poc.domain.fqdn xxxxxxxx
OK, that's nice.
> But when I try to do the same from my laptop trying to do 802.1x through
> the Aruba it works fine authenticating directly to my radius server /
> openldap combination but proxying to the AD fails. I have attached the
> logfiles of the radius server.
>
> On the AD I get an error in the eventlog telling the folloing:
...
> Does anyone have an idea what problem I'm facing here?
Ask Microsoft what's wrong with their system.
The debug log you posted also shows that IAS is slow and/or discarding
packets. Go fix that.
Alan DeKok.
More information about the Freeradius-Users
mailing list