Freeradius and Active directory (An aside)
Nicolas Goutte
nicolas.goutte at extragroup.de
Tue May 20 16:12:50 CEST 2008
On 20.05.2008 at 16:05, Dean, Barry wrote:
> Alan DeKok said:
>
>> It is impossible to use CHAP to authenticate to AD. You MUST use
>> MS-CHAP, or PAP.
>
> When testing my Radius server with AD and XSupplicant I found that
> EAP-TTLS with MD5 inner auth and EAP-MD5 as well as EAP-TTLS with
> CHAP inner auth all failed.
>
> So you have explained why EAP-TTLS (CHAP) fails, thanks!
>
> So, is EAP-MD5 and EAP-TTLS (MD5) not possible also, or is my
> Radius config broken?
As far as I understand, the password for MS-CHAP is MD4 on UTF-16LE.
So if you have only a password for MS-CHAP, you do not have an MD5
version of the password.
>
> ---------------
> Barry Dean
> Networks Team
Have a nice day!
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841
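
The point made in the reply above, as an added example that is not part of the original thread: CHAP (RFC 1994) computes MD5(ID || secret || challenge) over the cleartext secret, so a server that holds only the NT hash (MD4 over the UTF-16LE password) cannot reproduce the response. The password, identifier and challenge are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks it on OpenSSL 3."""
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (  # (function, constant, message word order, rotate amounts)
        (F, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (G, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    # Pad to 56 mod 64 bytes, then append the bit length (little-endian).
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for fn, const, order, shifts in rounds:
            for i, k in enumerate(order):
                a = rol((a + fn(b, c, d) + X[k] + const) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate registers for the next step
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """The password form used for MS-CHAP: MD4 over UTF-16LE."""
    return md4(password.encode("utf-16-le"))

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_chap(secret: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    """Server-side check using whatever form of the secret the server holds."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

if __name__ == "__main__":
    password, ident = "Passw0rd!", 1                   # constructed sample values
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")
    resp = chap_response(ident, password.encode(), challenge)  # what the client sends
    print("server holds cleartext:", verify_chap(password.encode(), ident, challenge, resp))
    print("server holds NT hash  :", verify_chap(nt_hash(password), ident, challenge, resp))
```
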