sbaror wrote: > thank you guys for all the help. It still does not work, but I made some > progress with the elimination testing. > I cannot test PAP with my system. it support TTLS-MS CHAP v2 only. > I used a test client (RadEap test) and successfully authenticated using > EAP-MS CHAP v2 with the NPS. Also tested successfully PEAP-MS CHAP v2 using > Wirelss 802.1x. > So my NPS is fine. problem is with it conversation with the FR. > I could not test naked MS CHAP v2 becasue i cannot find any system or test > client which support it.
There's an MS-CHAPv1 client. You were already told where it was. > Maybe the issue lies here. Maybe there is a misunderrstanding between the FR > and NPS about the protocol. I doubt that. > Do you know if the MS CHAP v2 proxy from FR is naked or supposed to be > EAP-MS CHAP v2? > The NPS clearly shows it identifies it as naked. You configured FreeRADIUS to proxy it that way. > Has anyone ever manage to do this split authentication thing, when the FR is > doing TLS and then proxy MS CHAP v2 to a non-FR server? All the time. It works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html