Freeradius and Active directory (An aside)

Dean, Barry B.Dean at
Tue May 20 16:05:51 CEST 2008

Alan DeKok said:

>  It is impossible to use CHAP to authenticate to AD.  You MUST use
> MS-CHAP, or PAP.

When testing my Radius server with AD and XSupplicant I found that EAP-TTLS with MD5 inner auth and EAP-MD5 as well as EAP-TTLS with CHAP inner auth all failed.

So you have explained why EAP-TTLS (CHAP) fails, thanks!

So, is EAP-MD5 and EAP-TTLS (MD5) not possible also, or is my Radius config broken?

Barry Dean
Networks Team

More information about the Freeradius-Users mailing list