LDAP Query Question

  • Thread starter: Chris

Chris

This question is in regards to how AD responds to an LDAP Authentication
Request coming from a non-Microsoft RADIUS server.

What I need to know is if AD returns the password from an LDAP authentication
request in MS_CHAP_v2 format or is it in clear text?

We are trying to configure several devices for a secure wireless signon.

On the client side is a Windows XP Pro SP2 laptop using the Windows Zero
Config service.
802.1x authentication WPA/TKIP and EAP-PEAP/MS_CHAP_V2 manually sign-on

RADIUS server (Juniper SBR 6.0.1) accepts the requests without a problem.
But when it tries to authenticate the MS_CHAP it fails every time. So I'm
wondering what AD is sending back to RADIUS.
Any help would be great.

Thank you
 
Chris said:
This question is in regards to how AD responds to an LDAP Authentication
Request coming from a non-Microsoft RADIUS server.

What I need to know is if AD returns the password from an LDAP
authentication request in MS_CHAP_v2 format or is it in clear text?

We are trying to configure several devices for a secure wireless signon.

On the client side is a Windows XP Pro SP2 laptop using the Windows Zero
Config service.
802.1x authentication WPA/TKIP and EAP-PEAP/MS_CHAP_V2 manually sign-on

RADIUS server (Juniper SBR 6.0.1) accepts the requests without a problem.
But when it tries to authenticate the MS_CHAP it fails every time. So I'm
wondering what AD is sending back to RADIUS.
Any help would be great.

AD does not save or know the password, only the hash value. In fact, the
password is never sent over the network from the client. If someone monitors
the network, they see only the hash.

I forget the details, but the DC may return a salt value to the client
required to generate the hash.
 