Using RADIUS and active directory to login to devices (Security Concerns)

m.s.rees1 · ‎07-02-2019

I've been recently testing an NPS server to handle RADIUS requests for our network devices, using active directory. Most tutorials I have followed have set the authentication method to be "Unencrypted authentication (PAP, SPAP)" on the server side. This has worked fine for me but raises security concerns and I was wondering what others have done? - The problem is, I can only seem to get the unencrypted authentication method to work, other methods like 'encrypted authentication (CHAP)' just won't allow me to log in.

Does anyone have any insight?

Thanks.

hslai · ‎07-02-2019

If PAP is insecure why is it commonly the only authentication protocol available for Radius? - Information Security Stack Exchange is an interesting read to me.