Re: SV: FR proxy to ACS and NPS with MS CHAP v2

Thank you for all the inputs. I resolved the issue. The root casue was the missing domain name. Although the username is found in the active directory, the domain name must be sent because it is part of the blob and most likley part of the hash (the function is probably LsaLogonUser). if the do

Re: SV: FR proxy to ACS and NPS with MS CHAP v2

Are the MS CHAP patched available separately to apply on previous versions? -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp2778983p3267668.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subs

Re: SV: FR proxy to ACS and NPS with MS CHAP v2

There was one things I think I neglected to mention: we use FR 1.1.7. Quite old. We cannot uograde right now. I found info about some MS CHAP v2 related issue in the older versions of FR, but not the exact same issue I have. Does that ring a bell to you about knwon issues with older versions? Mayb

Re: SV: FR proxy to ACS and NPS with MS CHAP v2

Alan, if it is working for others it will be probably very easy to the relevant expert to resolve our issue. Can we engage with someone (yourself or someone else) for consulting? Sagi -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v

Re: SV: FR proxy to ACS and NPS with MS CHAP v2

thank you guys for all the help. It still does not work, but I made some progress with the elimination testing. I cannot test PAP with my system. it support TTLS-MS CHAP v2 only. I used a test client (RadEap test) and successfully authenticated using EAP-MS CHAP v2 with the NPS. Also tested suc

Re: SV: FR proxy to ACS and NPS with MS CHAP v2

Thnks Alan. The challenge is that it doesn't work although it is all NTLM std. you mention Samba ad NTLM Auth. In our design we don't use Samba because the server which performs auth with the AD is the NPS. Are you suggesting that the FR server needs to have Samaba when doing the MS CHAP v2 prox

Re: SV: FR proxy to ACS and NPS with MS CHAP v2

Hi Alan The issue is that the MS CHAP v2 authentication fails. it succeeds when the 2nd Radius is FR and fails with MS NPS. Sniffer traces show tha the dialog between the MS CHAP v2 FR and the DC is different then the one between the NPS and the DC. Thnks Sagi -- View this message in context:

Re: SV: FR proxy to ACS and NPS with MS CHAP v2

Did anyone ever managed to establish a radius proxy between FR and another Radius server, such as NPS or ACS? -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp2778983p3208535.html Sent from the FreeRadius - User mailing list arch