02-19-2015 11:19 PM
I try to authenticate via LDAP server
I entered username/password and choose authentication type was PAP. It's successful
but If i choose authentication type was MS-CHAPS-V2,
There's alert that "Internal Error : Invalid response (-1)".
I want to know for LDAP authentication. Can I authenticaion as MS-CHAPS-V2 ? and this authentication method Are secure ?
02-20-2015 12:39 AM
LDAP does not support MS-CHAPv2, as that is a challenge-response protocol which needs access to either the plaintext password or the NT-hash of the user password. I don't know of any LDAP server that supports this. You should be able to use EAP-GTC against an LDAP server, which is supported as a standard, but is not supported out-of-the box by Microsoft Windows (works with most other platforms).
When running ClearPass, if you have access to the unencrypted password or hash of the password, you can use that. For the Novell LDAP, there is information on how to tweak your eDirectory to expose the password information over LDAP. By default, most LDAP servers do not expose that information for the obvious security reasons.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.