Date: Mon, 28 Jul 1997 01:10:01 -0700 (PDT) From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: freebsd-bugs Subject: Re: kern/4119: can't connect to Win NT 4.0 RAS using MS CHAP and CBCP Message-ID: <199707280810.BAA17228@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/4119; it has been noted by GNATS. From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: <freebsd-gnats-submit@freebsd.org> Cc: Subject: Re: kern/4119: can't connect to Win NT 4.0 RAS using MS CHAP and CBCP Date: Mon, 28 Jul 1997 01:03:43 -0700 Further investigation on this, Microsoft's MS-CHAP is different from regular CHAP because they use MD4, rather than MD5 as standard CHAP does. MS has released preliminary standards-based MD5-CHAP support in Service Pack 3 for NT Server 4.0. In addition to MD5-CHAP support, many security holes have been closed with this service pack, so it is unlikely that anyone running a Windows NT 4.0 server is going to resist applying this service pack. It is not enough to simply apply the service pack, a Registry Key must be altered in the NT Server to turn on MD5 support in CHAP. This is explained in the service pack readme, as well as in the Microsoft Knowledgebase on their web site. Win95 Dialup Networking clients will use either the standards-based MD5 or MD4-based MS-CHAP to authenticate, so turning on MD5-CHAP support in NT Server with this registry key should not affect them. In addition, Win95 Dialup Networking clients by default don't require encrypted passwords, so it is unlikely that casual installation of 95 clients dialup networking will have turned on the checkbox for requiring encrypted passwords. As a result, even if the 95 clients cannot authenticate to a patched NT Server using CHAP, they will simply switch over to PAP.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707280810.BAA17228>