So, I made sure all of our settings were configured correctly in proxy.conf and in clients.conf. The way we tested was I had the IAS server set the reply message to "yes" like John mentioned. This helped a great deal.

What's happening is, when I use the radclient to auth DIRECTLY to the IAS server, I get an Access-Accept response. However, when I use the proxy, they are receiving an encrypted password... either that or an incorrectly encrypted password that cannot be decrypted by their IAS. I am using the Password attribute with radclient rather than User-Password, so I believe when I was using radclient it was sending an unencrypted password. When I run radiusd -X, I am able to see his password, so I'm assuming it's being relayed in plain-text. Is this correct? Or does debug mode decrypt the password for my viewing pleasure?

I guess the root of my question is: does IAS send plain-text passwords? Also, is there a way I can send the password to IAS via an encryption method that it can understand without making a global change? This can't be done in proxy.conf, so would the answer then be user specific?

On the IAS end the reason why they can't auth is their problem - their proxy is stripping the realm info from the username and just sending us user@, i.e. no realm info, but how do I set the FR proxy to relay the login info via an encryption method that can be understood by IAS? They accept the following auth methods - MS-CHAP, MS-CHAP V2, CHAP, and PAP.

Thanks for your help again guys (gals)!

-Ian Savoy

John Horne wrote:
> On Wed, 2007-05-16 at 17:12 -0400, Ian Savoy wrote:
>
>> Is there anything else?
>>
>>
> Hi,
>
> Not sure if it's still relevant but with our IAS servers the sysadmin
> made sure it set the reply message to "yes". If you test from freeradius
> to the IAS server using the 'radtest' command, and run freeradius as
> 'radiusd -X', you should then see something like this from radiusd:
>
>     rad_recv: Access-Accept packet from host 10.1.2.3:1812, id=0, length=74
>         Proxy-State = 0x323235
>         Framed-Protocol = PPP
>         Reply-Message = "Yes"
>         Service-Type = Framed-User
>
>
>
> John.
>
>

--
Ian Savoy
Webforce Systems, Inc
Operations Support/UNIX Engineer
CompTIA A+ Certified Professional
Tech. Support: 614-899-9257 x22
Website: http://www.ewebforce.net
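
Added example, not part of the original message and not FreeRADIUS or IAS code: the User-Password hiding scheme from RFC 2865 section 5.2 as it applies to a PAP request crossing a proxy, showing why the proxy can see the cleartext and why a shared-secret mismatch on the proxy-to-home-server hop produces an undecodable password. The function names, secrets and authenticators are constructed for illustration.

```python
import hashlib

def _pad(secret: bytes, prev: bytes) -> bytes:
    # MD5 is what RFC 2865 specifies for this field; it is not a free choice.
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a PAP password: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = authenticator."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("need a 1..128 byte password and a 16 byte authenticator")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _pad(secret, prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse hide_password; a wrong secret yields garbage, not an error."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _pad(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def proxy_forward(hidden, client_secret, client_auth, home_secret, proxy_auth):
    """What a proxy does per hop: unhide with the client's secret, re-hide with the
    home server's secret and the authenticator of the new proxied request."""
    clear = unhide_password(hidden, client_secret, client_auth)
    return hide_password(clear, home_secret, proxy_auth)

if __name__ == "__main__":
    # Constructed sample values; real Request Authenticators must be random.
    nas_secret, ias_secret = b"nas-to-proxy-secret", b"proxy-to-ias-secret"
    ra_client, ra_proxy = bytes(range(16)), bytes(range(16, 32))
    from_nas = hide_password(b"correct horse battery", nas_secret, ra_client)
    to_ias = proxy_forward(from_nas, nas_secret, ra_client, ias_secret, ra_proxy)
    print("proxy sees   :", unhide_password(from_nas, nas_secret, ra_client))
    print("on the wire  :", to_ias.hex())
    print("IAS, right   :", unhide_password(to_ias, ias_secret, ra_proxy))
    print("IAS, mismatch:", unhide_password(to_ias, b"typo-secret", ra_proxy))
```

The hiding is per hop and keyed only by the shared secret, so the first thing to check when a home server cannot decode a proxied PAP password is that both ends of that hop hold the same secret.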

