Super Contributor II
Posts: 355
Registered: ‎02-22-2011

MSCHAPv2 and Domain Join

Hi All,

Can anybody explain in very simple terms why CPPM needs to be joined to a domain to be able to do MSCHAPv2?

I'm assuming it's something to do with the MD4/NTLM process but can't find a clear explanation anywhere (that I can decrypt!)


Scott

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: MSCHAPv2 and Domain Join

It’s because MSCHAPv2 uses non-reversible encryption and only a domain controller can answer the challenge.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II
Posts: 355
Registered: ‎02-22-2011

Re: MSCHAPv2 and Domain Join

Thanks!

Frequent Contributor I
Posts: 96
Registered: ‎04-09-2007

Re: MSCHAPv2 and Domain Join

Technically anything can answer the challenge, but it needs the nthash of the user's password, which exists natively in NT domains, though they can be transplanted into LDAP with care.