Am 20.05.2008 um 16:05 schrieb Dean, Barry:
Alan DeKok said:
It is impossible to use CHAP to authenticate to AD. You MUST use
MS-CHAP, or PAP.
When testing my Radius server with AD and XSupplicant I found that
EAP-TTLS with MD5 inner auth and EAP-MD5 as well as EAP-TTLS with
CHAP inner auth all failed.
So you have explained why EAP-TTLS (CHAP) fails, thanks!
So, is EAP-MD5 and EAP-TTLS (MD5) not possible also, or is my
Radius config broken?
As far as I understand, the password for MS-CHAP is MD4 on UTF-16LE.
So if you have only a password for MS-CHAP, you do not have a MD5
version of the password.
---------------
Barry Dean
Networks Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
users.html
Have a nice day!
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
