VPN authentication from Windows Vista

david at mitton.com david at mitton.com
Fri Feb 9 16:15:01 CET 2007


MS-Chap is in RFC 2433 (Oct 1998)
MS-Chap V2 is in RFC 2759 (Jan 2000)

see also 
Microsoft Specific RADIUS attributes - RFC 2548 (Mar 1999)

Dave.

----Original Message----
From: p.mayers at imperial.ac.uk
Date: Feb 9, 2007 6:01 
To: "FreeRadius users mailing list"<freeradius-users at lists.freeradius.
org>
Subj: Re: VPN authentication from Windows Vista

Lai Fu Keung wrote:
> Hi,
> 
> My users said the VPN login failed with their Windows Vista.
> 
> I enabled freeradius debug. I came across an authentication method,
> md5chap in debug output that my freeradius is currently not 
configured

Do you mean "mschap"?

> to support. If the user unselects "Require Data Encryption" in VPN. 
It
> then works fine.

It uses PAP and sends the password in plaintext (bad idea).

Windows has always done that, back to win95.

> 
> Can anyone confirm the following questions for me?
> 
> 1. Is it that Vista uses md5chap for VPN authentication with "Data
> Encryption"?

Windows has always done that.

> 2. Can freeradius be configured to support md5chap?

Yes

> 
> I don't get a lot of information about md5chap in google. I 
appreciate

That's because there's no such thing - as I said, I think you mean 
"mschap" (or "MSCHAP" or "MS-CHAP" whichever they've called it).

I don't have a vista box handy, I'll fire up a VM and take a look in a 
bit.

> any pointers on this subject and how freeradius can be made to 
support
> it, as radiusd.conf seems no mentioning on this subject.
> 
> Thanks.
> 
> Lai
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.
org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.
org/list/users.html






More information about the Freeradius-Users mailing list