Super Contributor II

MSCHAPv2 and Domain Join

Hi All,


Can anybody explain in very simple terms why CPPM needs to be joined to a domain to be able to do MSCHAPv2?


I'm assuming it's something to do with the MD4/NTLM process but can't find a clear explanation anywhere (that I can decrypt!)



Guru Elite

Re: MSCHAPv2 and Domain Join

It’s because MSCHAPv2 uses non-reversible encryption and only a domain controller can answer the challenge.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Super Contributor II

Re: MSCHAPv2 and Domain Join


Frequent Contributor I

Re: MSCHAPv2 and Domain Join

Technically anything can answer the challenge, but it needs the nthash of the user's password, which exists natively in NT domains, though they can be transplanted into LDAP with care.