thank you guys for all the help. It still does not work, but I made some progress with the elimination testing. I cannot test PAP with my system. it support TTLS-MS CHAP v2 only. I used a test client (RadEap test) and successfully authenticated using EAP-MS CHAP v2 with the NPS. Also tested successfully PEAP-MS CHAP v2 using Wirelss 802.1x. So my NPS is fine. problem is with it conversation with the FR. I could not test naked MS CHAP v2 becasue i cannot find any system or test client which support it. Maybe the issue lies here. Maybe there is a misunderrstanding between the FR and NPS about the protocol.
Do you know if the MS CHAP v2 proxy from FR is naked or supposed to be EAP-MS CHAP v2? The NPS clearly shows it identifies it as naked. Has anyone ever manage to do this split authentication thing, when the FR is doing TLS and then proxy MS CHAP v2 to a non-FR server? Thnks Sagi -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp2778983p3236701.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html