Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

cannot use CHAP,MSCHAP for the authentication on windows2000

cannot use CHAP,MSCHAP for the authentication on windows2000

connect to Radius through PIX 515E

when i check PAP option out ,the client cannot connect to the internal network

it always try to authenticate by using PAP

2 REPLIES
Silver

Re: cannot use CHAP,MSCHAP for the authentication on windows2000

I believe that is the way it is meant to work. While using NT/2000AD, CHAP is not supported. For more information, please refer to "Guidelines for Placing ACS in the Network" at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080092567.shtml. Please look under 'Table 1: ACS Database Optional'.

New Member

Re: cannot use CHAP,MSCHAP for the authentication on windows2000

What RADIUS Server are you using? We expeienced this problem until we replaced Steel-Belted RADIUS with Microsoft's IAS. Somehow there is a hook into AD from IAS to read passwords in clear text allowing CHAP to work. If you have a NT Domain, there is a registry hack to apply to the PDC and BDC's that store password in clear text in the SAM that IAS can then access (the user has to simply reset their password in order for the password to be stored as clear text)

107
Views
0
Helpful
2
Replies