802.1x
12-01-2002 09:45 AM - edited 03-09-2019 01:15 AM
Is it possible to implement port security with the following components:
Windows XP (EAP-MD5) --- Catalyst 4006 (7.2.1) --- ACS (3.1) --- External DB: Windows AD or Windows SAM
Thank you.
12-01-2002 10:46 AM
Short question, quick negative answer, but possible option buried in longer discussion :)
Nope. EAP-MD5 is not compatible with the AD or NT SAM. Only supported to the ACS DB.
Other options include:
1) using the local ACS db (I know, you lose the advantage of the integrated DB, but that's not a characteristic of ACS, but rather of AD and SAM)
2) you can use EAP-TLS, but it requires that the client have a certificate installed, and that a cert server be installed on the NT/AD DC. In my opinion, difficult to achieve if you have lots of supplicants (clients) to install the certs on.
3) you may be able to do PEAP (server-side authentication ) to the NT DB for catalyst switches, which doesn't require a certificate on the client. Although I haven't personally tested this on a catalyst switch, I've tested PEAP on wireless and I've tested EAP-MD5 on the switch, so between the two.....
I think it should work. The reason is, PEAP support is just tunneled EAP, so to the switch, it should just be EAP - it's the authenticator (ACS) and the supplicant (XP) that really matter. If you pursue it and it works, I'd like to know.
Here's some references that may be helpful:
1) PEAP Limitations (external DBs only - the local ACS DB will be supported in a future version of ACS)
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/rnacs311.htm#xtocid16
2) Some helpful descriptions of PEAP support, including supported external DB's (although this references wireless, most of this applies to PEAP in general)
http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/1942_pp.htm
3) Discussion of EAP and configuration of EAP on catalyst switches
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel7_2/config/authent.htm#xtocid9
4) White Paper: Guidelines for the Deployment of Cisco Secure ACS for Windows NT/2000 Servers in a Cisco Catalyst Switch Environment
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/deacs_wp.htm
HTH
Jeff
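The reason behind the "EAP-MD5 only works against the ACS DB" point above is what each credential store holds: an EAP-MD5 verifier must recompute MD5(Identifier || password || challenge) and therefore needs the cleartext password, whereas AD and the SAM keep only the NT hash (MD4 over the UTF-16LE password), from which that value cannot be derived. The following Python script is an added illustration, not code from this thread or from Cisco: it frames an EAP-MD5-Challenge request and response per RFC 3748, runs the exchange against a constructed ACS-style store (cleartext) and a constructed AD/SAM-style store (NT hash only), and carries its own MD4 because OpenSSL 3 builds often disable `md4` in `hashlib`. The user `alice`, her password and the server name `acs.example` are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and the EAP-MD5-Challenge type (RFC 3748 sections 4 and 5.4).
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4


def eap_md5_packet(code: int, identifier: int, value: bytes, name: bytes = b"") -> bytes:
    """Encode Code | Identifier | Length | Type=4 | Value-Size | Value | Name."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_eap_md5(packet: bytes) -> dict:
    """Decode an EAP-MD5-Challenge packet, refusing inconsistent length fields."""
    if len(packet) < 6:
        raise ValueError("packet too short for EAP-MD5-Challenge")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or packet[4] != EAP_TYPE_MD5:
        raise ValueError("not a well-formed EAP-MD5-Challenge packet")
    value_size = packet[5]
    value = packet[6:6 + value_size]
    if len(value) != value_size:
        raise ValueError("truncated Value field")
    return {"code": code, "id": identifier, "value": value, "name": packet[6 + value_size:]}


def md5_response_value(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-style EAP-MD5 response: MD5(Identifier || password || challenge).
    Whoever verifies this must hold the cleartext password."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def supplicant_answer(request: bytes, password: bytes, username: bytes) -> bytes:
    """What the XP supplicant sends back for a given Request/MD5-Challenge."""
    req = parse_eap_md5(request)
    return eap_md5_packet(EAP_RESPONSE, req["id"], md5_response_value(req["id"], password, req["value"]), username)


def server_verify(request: bytes, response: bytes, credential_store: dict) -> bool:
    """Authentication-server check: credential_store maps username -> stored secret."""
    req, resp = parse_eap_md5(request), parse_eap_md5(response)
    if resp["id"] != req["id"]:          # the response must answer this challenge
        return False
    secret = credential_store.get(resp["name"])
    if secret is None:
        return False
    expected = md5_response_value(req["id"], secret, req["value"])
    return hmac.compare_digest(expected, resp["value"])


def _md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); only needed to show what AD/SAM actually store."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (F, list(range(16)), (3, 7, 11, 19), 0),
        (G, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13), 0x5A827999),
        (H, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        s = state[:]
        for fn, order, shifts, k in rounds:
            for i, xi in enumerate(order):
                r = -i % 4               # register updated in this step: A, D, C, B, ...
                s[r] = rotl((s[r] + fn(s[r - 3], s[r - 2], s[r - 1]) + X[xi] + k) & 0xFFFFFFFF, shifts[i % 4])
        state = [(x + y) & 0xFFFFFFFF for x, y in zip(state, s)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """The credential AD / the SAM keep for a user: MD4 over the UTF-16LE password."""
    return _md4(password.encode("utf-16-le"))


def run_exchange(store_holds_cleartext: bool) -> bool:
    """One EAP-MD5 exchange for a constructed user against an ACS-style local store
    (cleartext password) or an AD/SAM-style store (NT hash only)."""
    username, password = b"alice", "Correct-Horse"      # constructed sample credential
    request = eap_md5_packet(EAP_REQUEST, 7, os.urandom(16), b"acs.example")
    response = supplicant_answer(request, password.encode(), username)
    store = {username: password.encode()} if store_holds_cleartext else {username: nt_hash(password)}
    return server_verify(request, response, store)


if __name__ == "__main__":
    print("ACS local DB (cleartext):", run_exchange(True))    # True
    print("AD/SAM store (NT hash):  ", run_exchange(False))   # False
```

Run it and the cleartext-backed store authenticates while the NT-hash-backed store cannot, which is the whole reason the external-DB options in the thread come down to a method such as PEAP whose inner authentication is designed to work from what AD stores.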
12-02-2002 06:54 AM
Thank you very much for the information.
I was afraid of that.
My goal is to proceed with the following scenario:
Win XP SP1 or Win2K SP3 + 802.1x fix (PEAP) -- Catalyst -- ACS 3.1 -- External DB (AD or SAM)
I have recently downloaded the fix for Win2K, but I cannot seem to find the place to configure the settings. Could you please point me in the right direction?
Thank you.
