Short question, quick quick negative answer, but possible option buried in longer discussion :)
Nope. EAP-MD5 is not compatible with the AD or NT Sam. Only supported to ACS DB.
Other options include:
1) using the local ACS db (I know, you lose the advantage of the integrated DB, but that's not a characteristic of ACS, but rather of AD and SAM)
2) you can use EAP-TLS, but it requires that the client have a certificate installed, and that a cert server be installed on the NT/AD DC. In my opinion, difficult to achieve if you have lots of supplicants (clients) to install the certs on.
3) you may be able to do PEAP (server-side authentication ) to the NT DB for catalyst switches, which doesn't require a certificate on the client. Although I haven't personally tested this on a catalyst switch, I've tested PEAP on wireless and I've tested EAP-MD5 on the switch, so between the two.....
I think it should work. The reason is, PEAP support is just tunneled EAP, so to the switch, it should just be EAP - it's the authenticator (ACS) and the supplicant (XP) that really matter. If you pursue it and it works, I'd like to know.
Here's some references that may be helpful:
1) PEAP Limitations (external db's only - local ACCS db will be supported in future version of ACS)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...