IAS Radius MD5 support

  • Thread starter Thread starter Doug Griesbaum
  • Start date Start date
D

Doug Griesbaum

I have an instagate-xsp firewall/vpn appliance that also
allows me to attach modems to it to allow dial-in
access. When a user VPN/Dial-in to the appliance I have
it auth against a Win2000 IAS service. When the user
VPN's in the appliance will auth to the Radius box with
MS-CHAPv2 and lets the user log into the network. If the
user dials in the appliance uses MD5-CHAP and the Radius
box will reject the same user who has access on VPN. Any
ideas. The appliance is using Rad Hat 7.3 as it's base
OS.

Thanks, Doug
 
You will need to enable Reversible Encryption on your domain
check http://www.microsoft.com/vpn for details

One piece of advice, Enable MSCHAPv2 for both (vpn&dialup), it's easier to
set up, more secure, and works great.
 
I have read through the information in the link below but am still having problems. I have a Windows NT 4.0 domain with with PDC and BDC. The Windows 2000 server is a member of the WinNT4.0 domain. How do I enable reversible encryption on the NT 4.0 domain to auth to the Windows2000 IAS server using MD5-CHAP

Thank
Dou

----- Sam Salhi [MSFT] wrote: ----

You will need to enable Reversible Encryption on your domai
check http://www.microsoft.com/vpn for detail

One piece of advice, Enable MSCHAPv2 for both (vpn&dialup), it's easier t
set up, more secure, and works great
 
try:
http://support.microsoft.com/default.aspx?scid=kb;us;197506



--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================


Doug Griesbaum said:
I have read through the information in the link below but am still having
Click to expand...
problems. I have a Windows NT 4.0 domain with with PDC and BDC. The
Windows 2000 server is a member of the WinNT4.0 domain. How do I enable
reversible encryption on the NT 4.0 domain to auth to the Windows2000 IAS
server using MD5-CHAP?
Thanks
Doug

----- Sam Salhi [MSFT] wrote: -----

You will need to enable Reversible Encryption on your domain
check http://www.microsoft.com/vpn for details

One piece of advice, Enable MSCHAPv2 for both (vpn&dialup), it's easier to
set up, more secure, and works great.

--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================


Doug Griesbaum said:
I have an instagate-xsp firewall/vpn appliance that also
allows me to attach modems to it to allow dial-in
access. When a user VPN/Dial-in to the appliance I have
it auth against a Win2000 IAS service. When the user
VPN's in the appliance will auth to the Radius box with
MS-CHAPv2 and lets the user log into the network. If the
user dials in the appliance uses MD5-CHAP and the Radius
box will reject the same user who has access on VPN. Any
ideas. The appliance is using Rad Hat 7.3 as it's base
OS.
Click to expand...
Click to expand...
 
Back
Top