Machine authentications with proxy-inner-tunnel and NPS as backend

Herwin Weststrate herwin at
Mon Jul 21 12:51:07 CEST 2014

On 21-07-14 11:03, Phil Mayers wrote:
> On 21/07/2014 09:49, Herwin Weststrate wrote:
>> Has anyone ever tried something like this and got the setup working?
> I haven't tried it, but there's no fundamental reason it wouldn't work.
> Can you post a debug i.e. "radiusd -X | tee log" of a failing case?

I've got one at, but there's
not that much information it gives. Starting at line 2052, it tries to
send a packet to (which is an NPS) and receives an
Access-Reject. There is nothing interesting happening before, and
afterwards it behaves like it should when receiving an Access-Reject.

In case someone is wondering about the unspecified Vendor Specific
Attributes: they are sometimes sent by HP devices, see The
behaviour doesn't change when a different Access Point is used.

The exact error message in Active Directory is "Authentication failed
due to a user credentials mismatch. Either the user name provided does
not map to an existing user account or the password was incorrect."

Herwin Weststrate
