[Solved] Radius setup

Unimus support forum
Post Reply
jaggermifter
Posts: 2
Joined: Fri May 12, 2017 1:43 am

Fri May 12, 2017 1:45 am

Hi

I'm having issues setting up radius authentication.

I can see the requests on the server but the server is returning

The user could not be authenticated using Challenge Handshake Authentication Protocol (CHAP). A reversibly encrypted password does not exist for this user account. To ensure that reversibly encrypted passwords are enabled, check either the domain password policy or the password settings on the user account.

I'm using windows 2016 network policy server.

Thanks!
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Fri May 12, 2017 10:47 am

Hi,

EDIT:
Since 1.7.2, you can select CHAP or PAP - configurable in Radius settings.

Original post:
As you see, Unimus uses CHAP for user auth against Radius.
CHAP (and MSCHAP and MSCHAPv2) require that the Radius server can read user passwords.
By default, in Windows AD, user passwords are hashed, so NPS can not auth users with CHAP, since it doesnt know the users password, because of the hashing.

You can tell AD to use encryption for passwords, by selecting "Store password using reversible encryption" in user properties ("Account" tab), and then resetting the users password. This way, NPS can actually decrypt and read the users password.

Basically, there are 2 protocols that Radius can use for authentication - PAP and CHAP (and CHAPs MS variants).
CHAP requires that the client and the server both know users password, but communication over the network is NOT cleartext.
PAP can work when user passwords are hashed on the server, but communication over the network IS cleatext.

We use CHAP, because for obvious reasons sending user credentials over the network in cleartext is bad :)
jaggermifter
Posts: 2
Joined: Fri May 12, 2017 1:43 am

Fri May 12, 2017 1:07 pm

Awesome i have it working now.

Also just incase anyone else has this issue you also have to reset the users password after the policy is changed.
renova
Posts: 1
Joined: Tue Jan 23, 2018 12:05 pm

Tue Jan 23, 2018 12:10 pm

Hi everyone! what are the configuration parameters in the NPS server? (RADIUS Clients and policies)
Post Reply