Hi,
> The issue is that the MS CHAP v2 authentication fails. it succeeds when the
> 2nd Radius is FR and fails with MS NPS.
> Sniffer traces show tha the dialog between the MS CHAP v2 FR and the DC is
> different then the one between the NPS and the DC.
I manage a system that involves several hundred RADIUS servers - in which
there are around two thirds FreeRADIUS, proxied through other systems (including
RADIATOR) and onto NPS for authentication and it works.
I'd suggest that you check the attribute filtering that you are doing - you
must ensure
that some basic attributes pass through to the NPS or it will flop.
eg
Proxy-State =* ANY,
EAP-Message =* ANY,
MS-MPPE-Recv-Key =* ANY,
MS-MPPE-Send-Key =* ANY,
MS-CHAP-MPPE-Keys =* ANY,
Message-Authenticator =* ANY,
State =* ANY,
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
