Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

MSCHAPv2 and Domain Join

  • 1.  MSCHAPv2 and Domain Join

    Posted Jul 07, 2014 08:33 PM

    Hi All,

    Can anybody explain in very simple terms why CPPM needs to be joined to a domain to be able to do MSCHAPv2?

    I'm assuming it's something to do with the MD4/NTLM process but can't find a clear explanation anywhere (that I can decrypt!)

     

    Scott



  • 2.  RE: MSCHAPv2 and Domain Join
    Best Answer

    EMPLOYEE
    Posted Jul 07, 2014 08:42 PM
    It’s because MSCHAPv2 uses non-reversible encryption and only a domain controller can answer the challenge.


  • 3.  RE: MSCHAPv2 and Domain Join

    Posted Jul 07, 2014 08:48 PM

    Thanks!



  • 4.  RE: MSCHAPv2 and Domain Join

    Posted Jul 07, 2014 09:58 PM
    Technically anything can answer the challenge, but it needs the NT hash of the user's password, which exists natively in NT domains, though they can be transplanted into LDAP with care.