VPN authentication from Windows Vista
Phil Mayers
p.mayers at imperial.ac.uk
Fri Feb 9 12:01:07 CET 2007
Lai Fu Keung wrote:
> Hi,
>
> My users said the VPN login failed with their Windows Vista.
>
> I enabled freeradius debug. I came across an authentication method,
> md5chap in debug output that my freeradius is currently not configured
Do you mean "mschap"?
> to support. If the user unselects "Require Data Encryption" in VPN. It
> then works fine.
It uses PAP and sends the password in plaintext (bad idea).
Windows has always done that, back to win95.
>
> Can anyone confirm the following questions for me?
>
> 1. Is it that Vista uses md5chap for VPN authentication with "Data
> Encryption"?
Windows has always done that.
> 2. Can freeradius be configured to support md5chap?
Yes
>
> I don't get a lot of information about md5chap in google. I appreciate
That's because there's no such thing - as I said, I think you mean
"mschap" (or "MSCHAP" or "MS-CHAP" whichever they've called it).
I don't have a vista box handy, I'll fire up a VM and take a look in a bit.
> any pointers on this subject and how freeradius can be made to support
> it, as radiusd.conf seems no mentioning on this subject.
>
> Thanks.
>
> Lai
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list