Re: VPN authentication from Windows Vista
On Fri, 9 Feb 2007, Lai Fu Keung wrote: I enabled freeradius debug. I came across an authentication method, md5chap in debug output that my freeradius is currently not configured to support. If the user unselects Require Data Encryption in VPN. It then works fine. I don't have an answer to your question, but you *do* understand that deselecting require data encryption negates one of the primary reasons for using a VPN, right? -- Jeremy L. Gaddis, MCP, GCWN [EMAIL PROTECTED] LinuxWiz Consulting http://linuxwiz.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: VPN authentication from Windows Vista
Lai Fu Keung wrote: I don't get a lot of information about md5chap in google. I appreciate any pointers on this subject and how freeradius can be made to support it, as radiusd.conf seems no mentioning on this subject. I suspect it's just CHAP. Perhaps you could try posting the debug output from the server, so people who understand the messages can see what's really going on, and offer additional opinions? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: VPN authentication from Windows Vista
Lai Fu Keung wrote: Hi, My users said the VPN login failed with their Windows Vista. I enabled freeradius debug. I came across an authentication method, md5chap in debug output that my freeradius is currently not configured Do you mean mschap? to support. If the user unselects Require Data Encryption in VPN. It then works fine. It uses PAP and sends the password in plaintext (bad idea). Windows has always done that, back to win95. Can anyone confirm the following questions for me? 1. Is it that Vista uses md5chap for VPN authentication with Data Encryption? Windows has always done that. 2. Can freeradius be configured to support md5chap? Yes I don't get a lot of information about md5chap in google. I appreciate That's because there's no such thing - as I said, I think you mean mschap (or MSCHAP or MS-CHAP whichever they've called it). I don't have a vista box handy, I'll fire up a VM and take a look in a bit. any pointers on this subject and how freeradius can be made to support it, as radiusd.conf seems no mentioning on this subject. Thanks. Lai - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: VPN authentication from Windows Vista
MS-Chap is in RFC 2433 (Oct 1998) MS-Chap V2 is in RFC 2759 (Jan 2000) see also Microsoft Specific RADIUS attributes - RFC 2548 (Mar 1999) Dave. Original Message From: [EMAIL PROTECTED] Date: Feb 9, 2007 6:01 To: FreeRadius users mailing list[EMAIL PROTECTED] org Subj: Re: VPN authentication from Windows Vista Lai Fu Keung wrote: Hi, My users said the VPN login failed with their Windows Vista. I enabled freeradius debug. I came across an authentication method, md5chap in debug output that my freeradius is currently not configured Do you mean mschap? to support. If the user unselects Require Data Encryption in VPN. It then works fine. It uses PAP and sends the password in plaintext (bad idea). Windows has always done that, back to win95. Can anyone confirm the following questions for me? 1. Is it that Vista uses md5chap for VPN authentication with Data Encryption? Windows has always done that. 2. Can freeradius be configured to support md5chap? Yes I don't get a lot of information about md5chap in google. I appreciate That's because there's no such thing - as I said, I think you mean mschap (or MSCHAP or MS-CHAP whichever they've called it). I don't have a vista box handy, I'll fire up a VM and take a look in a bit. any pointers on this subject and how freeradius can be made to support it, as radiusd.conf seems no mentioning on this subject. Thanks. Lai - List info/subscribe/unsubscribe? See http://www.freeradius. org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius. org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
VPN authentication from Windows Vista
Hi, My users said the VPN login failed with their Windows Vista. I enabled freeradius debug. I came across an authentication method, md5chap in debug output that my freeradius is currently not configured to support. If the user unselects Require Data Encryption in VPN. It then works fine. Can anyone confirm the following questions for me? 1. Is it that Vista uses md5chap for VPN authentication with Data Encryption? 2. Can freeradius be configured to support md5chap? I don't get a lot of information about md5chap in google. I appreciate any pointers on this subject and how freeradius can be made to support it, as radiusd.conf seems no mentioning on this subject. Thanks. Lai - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
