VPN authentication from Windows Vista
david at mitton.com
david at mitton.com
Fri Feb 9 16:15:01 CET 2007
MS-Chap is in RFC 2433 (Oct 1998)
MS-Chap V2 is in RFC 2759 (Jan 2000)
see also
Microsoft Specific RADIUS attributes - RFC 2548 (Mar 1999)
Dave.
----Original Message----
From: p.mayers at imperial.ac.uk
Date: Feb 9, 2007 6:01
To: "FreeRadius users mailing list"<freeradius-users at lists.freeradius.
org>
Subj: Re: VPN authentication from Windows Vista
Lai Fu Keung wrote:
> Hi,
>
> My users said the VPN login failed with their Windows Vista.
>
> I enabled freeradius debug. I came across an authentication method,
> md5chap in debug output that my freeradius is currently not
configured
Do you mean "mschap"?
> to support. If the user unselects "Require Data Encryption" in VPN.
It
> then works fine.
It uses PAP and sends the password in plaintext (bad idea).
Windows has always done that, back to win95.
>
> Can anyone confirm the following questions for me?
>
> 1. Is it that Vista uses md5chap for VPN authentication with "Data
> Encryption"?
Windows has always done that.
> 2. Can freeradius be configured to support md5chap?
Yes
>
> I don't get a lot of information about md5chap in google. I
appreciate
That's because there's no such thing - as I said, I think you mean
"mschap" (or "MSCHAP" or "MS-CHAP" whichever they've called it).
I don't have a vista box handy, I'll fire up a VM and take a look in a
bit.
> any pointers on this subject and how freeradius can be made to
support
> it, as radiusd.conf seems no mentioning on this subject.
>
> Thanks.
>
> Lai
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.
org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.
org/list/users.html
More information about the Freeradius-Users
mailing list