Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1401
Views
0
Helpful
2
Replies

cannot use CHAP,MSCHAP for the authentication on windows2000

sirisak.c
Level 1
Level 1

‎04-28-2003 09:29 PM - edited ‎02-21-2020 10:06 AM

cannot use CHAP,MSCHAP for the authentication on windows2000

connect to Radius through PIX 515E

when i check PAP option out ,the client cannot connect to the internal network

it always try to authenticate by using PAP

Labels:
0 Helpful
2 Replies 2

drolemc
Level 6
Level 6

‎05-02-2003 10:38 AM

I believe that is the way it is meant to work. While using NT/2000AD, CHAP is not supported. For more information, please refer to "Guidelines for Placing ACS in the Network" at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080092567.shtml. Please look under 'Table 1: ACS Database Optional'.

0 Helpful

asaperstein
Level 1
Level 1

‎05-07-2003 11:53 AM

What RADIUS Server are you using? We expeienced this problem until we replaced Steel-Belted RADIUS with Microsoft's IAS. Somehow there is a hook into AD from IAS to read passwords in clear text allowing CHAP to work. If you have a NT Domain, there is a registry hack to apply to the PDC and BDC's that store password in clear text in the SAM that IAS can then access (the user has to simply reset their password in order for the password to be stored as clear text)

0 Helpful
Customers Also Viewed These Support Documents