04-28-2003 09:29 PM - edited 02-21-2020 10:06 AM
cannot use CHAP,MSCHAP for the authentication on windows2000
connect to Radius through PIX 515E
when i check PAP option out ,the client cannot connect to the internal network
it always try to authenticate by using PAP
05-02-2003 10:38 AM
I believe that is the way it is meant to work. While using NT/2000AD, CHAP is not supported. For more information, please refer to "Guidelines for Placing ACS in the Network" at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080092567.shtml. Please look under 'Table 1: ACS Database Optional'.
05-07-2003 11:53 AM
What RADIUS Server are you using? We expeienced this problem until we replaced Steel-Belted RADIUS with Microsoft's IAS. Somehow there is a hook into AD from IAS to read passwords in clear text allowing CHAP to work. If you have a NT Domain, there is a registry hack to apply to the PDC and BDC's that store password in clear text in the SAM that IAS can then access (the user has to simply reset their password in order for the password to be stored as clear text)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide