VPN authentication from Windows Vista

Phil Mayers p.mayers at imperial.ac.uk
Fri Feb 9 12:01:07 CET 2007

Lai Fu Keung wrote:
> Hi,
> My users said the VPN login failed with their Windows Vista.
> I enabled freeradius debug. I came across an authentication method,
> md5chap in debug output that my freeradius is currently not configured

Do you mean "mschap"?

> to support. If the user unselects "Require Data Encryption" in VPN. It
> then works fine.

It uses PAP and sends the password in plaintext (bad idea).

Windows has always done that, back to win95.

> Can anyone confirm the following questions for me?
> 1. Is it that Vista uses md5chap for VPN authentication with "Data
> Encryption"?

Windows has always done that.

> 2. Can freeradius be configured to support md5chap?


> I don't get a lot of information about md5chap in google. I appreciate

That's because there's no such thing - as I said, I think you mean 
"mschap" (or "MSCHAP" or "MS-CHAP" whichever they've called it).

I don't have a vista box handy, I'll fire up a VM and take a look in a bit.

> any pointers on this subject and how freeradius can be made to support
> it, as radiusd.conf seems no mentioning on this subject.
> Thanks.
> Lai
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list