Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Thank you for your answer. I have contacted Microsoft to help me. Best wishes, Marko -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-2-1-0-ubuntu-proxying-to-NPS-IAS-tp2766222p3367101.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
On 2011/02/02 12:32 AM, hellbird wrote: Thank you for your answer. I have contacted Microsoft to help me. Would be really interesting to know if it works contacting them!! -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
On 2011/02/02 12:32 AM, hellbird wrote: Thank you for your answer. I have contacted Microsoft to help me. Would be really interesting to know if it works contacting them!! -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hello, I have another problem but has also to do with User-Name attribute and NPS. We are using NPS and anonymous identity but RADIUS client doesn't receive User-Name attribute from RADIUS. rad_recv: Access-Accept packet from host * port 1812, id=238, length=310 Framed-Protocol = PPP Service-Type = Framed-User EAP-Message = 0x030c0004 Class = 0xf1280c4a0232432434200c2f9eeb4f43324ef0439ff37ba01cbb2c93593bdf73c23 MS-Link-Utilization-Threshold = 50 MS-Link-Drop-Time-Limit = 120 MS-CHAP-Domain = \001GESS MS-CHAP2-Success = 0x01533d39323343032413837314546363935384230302343433634343532443234141383830383738 MS-MPPE-Send-Key = 0x25bd8ba41cc76a2ee1424b4b52f1625ef9e4280c6f2b8ba02324eab3fab497e MS-MPPE-Recv-Key = 0x35814263a2dacc3ee60cb0331ce8c6a4c4bf6bf412a5f6a9a9e675ca8fbbd55 Message-Authenticator = 0xd0dde8a213b95e3d23019fb13ca546a2 Proxy-State = 0x3130 Wed Jan 15 12:32:05 2011 : Info: +- entering group post-proxy {...} -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-2-1-0-ubuntu-proxying-to-NPS-IAS-tp2766222p3364336.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
On 31/01/11 11:48, hellbird wrote: Hello, I have another problem but has also to do with User-Name attribute and NPS. We are using NPS and anonymous identity but RADIUS client doesn't receive User-Name attribute from RADIUS. The problem is at the NPS side. You will need to fix NPS. You may find it can't do this. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
hellbird wrote: I have another problem but has also to do with User-Name attribute and NPS. We are using NPS and anonymous identity but RADIUS client doesn't receive User-Name attribute from RADIUS. You're looking at the Access-Accept, not the Access-Request. There's often no User-Name in an Access-Accept. Again, read *all* of the debugging output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Ville Leinonen wrote: I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. Any clue what is wrong? Here is some logs: The shared secret is wrong. Fix it. rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57, length=154 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 This is NOT the users password. Fix the shared secrets on the NAS and on FreeRADIUS so that they match. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, I have also changed shared secrets and it's not helping. Br, Ville Ville Leinonen wrote: I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. Any clue what is wrong? Here is some logs: The shared secret is wrong. Fix it. rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57, length=154 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 This is NOT the users password. Fix the shared secrets on the NAS and on FreeRADIUS so that they match. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, I have also changed shared secrets and it's not helping. Br, Ville Ville Leinonen wrote: I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. Any clue what is wrong? Here is some logs: The shared secret is wrong. Fix it. rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57, length=154 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 This is NOT the users password. Fix the shared secrets on the NAS and on FreeRADIUS so that they match. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, Hi, I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. this is usually symptomatic of an incorrect shared secret being entered at one end of the RADIUS link alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, I just compile 2.1.6 from src and it's start to works. Thanks for everyone that tryed to help me. Br, Ville Hi, Hi, I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. this is usually symptomatic of an incorrect shared secret being entered at one end of the RADIUS link alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FR 2.1.0 (ubuntu) proxying to NPS/IAS.
Hi, I try to use FR to forwarding access-request to NPS servers, but some reason FR/NPS gives User password is incorrect message. I have tripple check that password is correct. When i test IAS to NPS proxy it works. I have enable in NPS side MS-CHAP-v2, MS-CHAP, CHAP and PAP/SPAP methods. Any clue what is wrong? Here is some logs: rad_recv: Access-Request packet from host 192.168.21.150 port 1025, id=57, length=154 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 NAS-Port = 626688 Called-Station-Id = 192.168.21.150 Calling-Station-Id = 192.168.1.114 NAS-Port-Type = Virtual Tunnel-Client-Endpoint:0 = 192.168.1.114 NAS-IP-Address = 192.168.21.150 Cisco-AVPair = ip:source-ip=192.168.1.114 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = vle, looking up realm NULL [suffix] Found realm NULL [suffix] Adding Stripped-User-Name = vle [suffix] Adding Realm = NULL [suffix] Proxying request from user vle to realm NULL [suffix] Preparing to proxy authentication request to realm NULL ++[suffix] returns updated [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 118 to 192.168.21.200 port 1812 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 NAS-Port = 626688 Called-Station-Id = 192.168.21.150 Calling-Station-Id = 192.168.1.114 NAS-Port-Type = Virtual Tunnel-Client-Endpoint:0 = 192.168.1.114 NAS-IP-Address = 192.168.21.150 Cisco-AVPair = ip:source-ip=192.168.1.114 Proxy-State = 0x3537 Proxying request 0 to home server 192.168.21.200 port 1812 Sending Access-Request of id 118 to 192.168.21.200 port 1812 User-Name = vle User-Password = \2063\261m\301\344J\216sCÑ \035\003\2328 NAS-Port = 626688 Called-Station-Id = 192.168.21.150 Calling-Station-Id = 192.168.1.114 NAS-Port-Type = Virtual Tunnel-Client-Endpoint:0 = 192.168.1.114 NAS-IP-Address = 192.168.21.150 Cisco-AVPair = ip:source-ip=192.168.1.114 Proxy-State = 0x3537 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Reject packet from host 192.168.21.200 port 1812, id=118, length=52 Proxy-State = 0x3537 Reply-Message = User password is incorrect Br, Ville - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html