Thank you for all the inputs. I resolved the issue. The root casue was the
missing domain name.
Although the username is found in the active directory, the domain name must
be sent because it is part of the blob and most likley part of the hash (the
function is probably LsaLogonUser).
if the do
Are the MS CHAP patched available separately to apply on previous versions?
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp2778983p3267668.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subs
There was one things I think I neglected to mention: we use FR 1.1.7. Quite
old. We cannot uograde right now. I found info about some MS CHAP v2 related
issue in the older versions of FR, but not the exact same issue I have. Does
that ring a bell to you about knwon issues with older versions? Mayb
Alan, if it is working for others it will be probably very easy to the
relevant expert to resolve our issue. Can we engage with someone (yourself
or someone else) for consulting?
Sagi
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v
thank you guys for all the help. It still does not work, but I made some
progress with the elimination testing.
I cannot test PAP with my system. it support TTLS-MS CHAP v2 only.
I used a test client (RadEap test) and successfully authenticated using
EAP-MS CHAP v2 with the NPS. Also tested suc
Thnks Alan. The challenge is that it doesn't work although it is all NTLM
std.
you mention Samba ad NTLM Auth.
In our design we don't use Samba because the server which performs auth with
the AD is the NPS. Are you suggesting that the FR server needs to have
Samaba when doing the MS CHAP v2 prox
Hi Alan
The issue is that the MS CHAP v2 authentication fails. it succeeds when the
2nd Radius is FR and fails with MS NPS.
Sniffer traces show tha the dialog between the MS CHAP v2 FR and the DC is
different then the one between the NPS and the DC.
Thnks
Sagi
--
View this message in context:
Did anyone ever managed to establish a radius proxy between FR and another
Radius server, such as NPS or ACS?
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp2778983p3208535.html
Sent from the FreeRadius - User mailing list arch
8 matches
Mail list logo