Thank you for all the inputs. I resolved the issue. The root cause was the missing domain name.

Although the username is found in the Active Directory, the domain name must be sent because it is part of the blob and most likely part of the hash (the function is probably LsaLogonUser). If the domain name is not sent, then the error on the Domain Controller is pwd incorrect. In my config the username was sent without a domain name.

So first I changed the specific realm (nps.com) from strip to nostrip. This sends the username with nps.com. Then I created a rule in NPS to replace "nps.com" with the right Intel domain. ...and it worked :)

The same applies for any other proxy server, not just NPS.

Thanks,
Sagi

--
View this message in context: http://freeradius.1045715.n5.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp2778983p3293350.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

