Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Thank you for your answer. I have contacted Microsoft to help me. Best wishes, Marko -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-2-1-0-ubuntu-proxying-to-NPS-IAS-tp2766222p3367101.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
On 2011/02/02 12:32 AM, hellbird wrote: Thank you for your answer. I have contacted Microsoft to help me. Would be really interesting to know if it works contacting them!! -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
On 2011/02/02 12:32 AM, hellbird wrote: Thank you for your answer. I have contacted Microsoft to help me. Would be really interesting to know if it works contacting them!! -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hello,
I have another problem but has also to do with User-Name attribute and NPS.
We are using NPS and anonymous identity but RADIUS client doesn't receive
User-Name attribute from RADIUS.
rad_recv: Access-Accept packet from host * port 1812, id=238, length=310
Framed-Protocol = PPP
Service-Type = Framed-User
EAP-Message = 0x030c0004
Class =
0xf1280c4a0232432434200c2f9eeb4f43324ef0439ff37ba01cbb2c93593bdf73c23
MS-Link-Utilization-Threshold = 50
MS-Link-Drop-Time-Limit = 120
MS-CHAP-Domain = \001GESS
MS-CHAP2-Success =
0x01533d39323343032413837314546363935384230302343433634343532443234141383830383738
MS-MPPE-Send-Key =
0x25bd8ba41cc76a2ee1424b4b52f1625ef9e4280c6f2b8ba02324eab3fab497e
MS-MPPE-Recv-Key =
0x35814263a2dacc3ee60cb0331ce8c6a4c4bf6bf412a5f6a9a9e675ca8fbbd55
Message-Authenticator = 0xd0dde8a213b95e3d23019fb13ca546a2
Proxy-State = 0x3130
Wed Jan 15 12:32:05 2011 : Info: +- entering group post-proxy {...}
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/FR-2-1-0-ubuntu-proxying-to-NPS-IAS-tp2766222p3364336.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
On 31/01/11 11:48, hellbird wrote: Hello, I have another problem but has also to do with User-Name attribute and NPS. We are using NPS and anonymous identity but RADIUS client doesn't receive User-Name attribute from RADIUS. The problem is at the NPS side. You will need to fix NPS. You may find it can't do this. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
hellbird wrote: I have another problem but has also to do with User-Name attribute and NPS. We are using NPS and anonymous identity but RADIUS client doesn't receive User-Name attribute from RADIUS. You're looking at the Access-Accept, not the Access-Request. There's often no User-Name in an Access-Accept. Again, read *all* of the debugging output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Ville Leinonen wrote: I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. Any clue what is wrong? Here is some logs: The shared secret is wrong. Fix it. rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57, length=154 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 This is NOT the users password. Fix the shared secrets on the NAS and on FreeRADIUS so that they match. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, I have also changed shared secrets and it's not helping. Br, Ville Ville Leinonen wrote: I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. Any clue what is wrong? Here is some logs: The shared secret is wrong. Fix it. rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57, length=154 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 This is NOT the users password. Fix the shared secrets on the NAS and on FreeRADIUS so that they match. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, I have also changed shared secrets and it's not helping. Br, Ville Ville Leinonen wrote: I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. Any clue what is wrong? Here is some logs: The shared secret is wrong. Fix it. rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57, length=154 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 This is NOT the users password. Fix the shared secrets on the NAS and on FreeRADIUS so that they match. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, Hi, I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. this is usually symptomatic of an incorrect shared secret being entered at one end of the RADIUS link alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, I just compile 2.1.6 from src and it's start to works. Thanks for everyone that tryed to help me. Br, Ville Hi, Hi, I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. this is usually symptomatic of an incorrect shared secret being entered at one end of the RADIUS link alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi,
I try to use FR to forwarding access-request to NPS servers, but some
reason FR/NPS gives User password is incorrect message. I have tripple
check that password is correct. When i test IAS to NPS proxy it works. I
have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods.
Any clue what is wrong? Here is some logs:
rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57,
length=154
User-Name = vle
User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328
NAS-Port = 626688
Called-Station-Id = 192.168.21.150
Calling-Station-Id = 192.168.1.114
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint:0 = 192.168.1.114
NAS-IP-Address = 192.168.21.150
Cisco-AVPair = ip:source-ip=192.168.1.114
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = vle, looking up realm NULL
[suffix] Found realm NULL
[suffix] Adding Stripped-User-Name = vle
[suffix] Adding Realm = NULL
[suffix] Proxying request from user vle to realm NULL
[suffix] Preparing to proxy authentication request to realm NULL
++[suffix] returns updated
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 118 to 192.168.21.200 port 1812
User-Name = vle
User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328
NAS-Port = 626688
Called-Station-Id = 192.168.21.150
Calling-Station-Id = 192.168.1.114
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint:0 = 192.168.1.114
NAS-IP-Address = 192.168.21.150
Cisco-AVPair = ip:source-ip=192.168.1.114
Proxy-State = 0x3537
Proxying request 0 to home server 192.168.21.200 port 1812
Sending Access-Request of id 118 to 192.168.21.200 port 1812
User-Name = vle
User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328
NAS-Port = 626688
Called-Station-Id = 192.168.21.150
Calling-Station-Id = 192.168.1.114
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint:0 = 192.168.1.114
NAS-IP-Address = 192.168.21.150
Cisco-AVPair = ip:source-ip=192.168.1.114
Proxy-State = 0x3537
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Reject packet from host 192.168.21.200 port 1812, id=118,
length=52
Proxy-State = 0x3537
Reply-Message = User password is incorrect
Br,
Ville
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
