Protocol recommendation

Olivier oza.4h07 at gmail.com
Tue Apr 5 17:22:36 UTC 2022


Hello,

I've read this [1] article. It is very interesting but I would
appreciate some explaination about the final recommendations
paragraph.

Specifically, this paragraph contains:
"If MS-CHAPv2 is required for operational or inter-operability
reasons, we recommend running it over a secure management network. The
Microsoft MFA server does not support MFA with MS-CHAPv2. Or, running
TTLS + MS-CHAPv2. Though it has no benefits (and many drawbacks!) over
TTLS + PAP."

1. What does "we recommend running [MS-CHAPv2] over a secure
management network"  implies, here ?

2. What does "Or, running TTLS + MS-CHAPv2" excatly means, here ?

[1] https://networkradius.com/articles/2022/02/20/how-authentication-protocols-work.html
[2] https://www.securew2.com/blog/pitfalls-of-eap-ttls-pap

Best regards


More information about the Freeradius-Users mailing list