LDAP Query Question

[Chris]

This question is in reguards to how AD responds to an LDAP Authentication
Request coming from a non-Microsoft RADIUS server.

What I need to know is if AD returns the password from a LDAP authentication
request in MS_CHAP_v2 format or is it in Clear Text ?

We are trying to configure several devices for a secure wireless signon.

On the client side is a Windows XP Pro SP2 laptop using the Windows Zero
Config service.
802.1x authentication WPA/TKIP and EAP-PEAP/MS_CHAP_V2 manually sign-on

RADIUS server (Juniper SBR 6.0.1) acceptes the requests without a problem.
But when it tryies to authenticate the MS_CHAP it fails everytime. So I'm
wondering is what is AD sending back to RADIUS.
Any help would be great.

Thank you

 

[Richard Mueller [MVP]]

This question is in reguards to how AD responds to an LDAP Authentication
Request coming from a non-Microsoft RADIUS server.

What I need to know is if AD returns the password from a LDAP
authentication request in MS_CHAP_v2 format or is it in Clear Text ?

We are trying to configure several devices for a secure wireless signon.

On the client side is a Windows XP Pro SP2 laptop using the Windows Zero
Config service.
802.1x authentication WPA/TKIP and EAP-PEAP/MS_CHAP_V2 manually sign-on

RADIUS server (Juniper SBR 6.0.1) acceptes the requests without a problem.
But when it tryies to authenticate the MS_CHAP it fails everytime. So I'm
wondering is what is AD sending back to RADIUS.
Any help would be great.

AD does not save or know the password, only the hash value. In fact, the
password is never sent over the network from the client. If someone monitors
the network, they see only the hash.

I forget the details, but the DC may return a salt value to the client
required to generate the hash.

 

[Chris]

Ok

So how does this relate to MS_CHAPv2 ? Is MS_CHAPv2 the same as NTLM2 ?