guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From drhy <>
Subject Re: Guacamole+Radius+Eap-tls
Date Mon, 22 Apr 2019 03:19:32 GMT
Hi Kamal,

As I mention, Microsoft Network Policy Server (NPS) seems to want some type
of CHAP in almost almost all of the Radius Requests, except PAP. CHAP,
MS-CHAP and MS-CHAPv2 have been attacked:

They all use MD4, which has also been attacked and has now been "retired" as
a standard":

However, as you have also commented, NPS's more secure EAP-TLS protocol
still needs to tunnel CHAP and MD4. I found this:
It would be useful for to be included in the Radius Authentication
Provider to support secure communication with NPS, but I don't know how to.

In the meantime I'm using CentOS's built-in IPsec and the Windows Server
L2TP/IPsec capability.


Sent from:

View raw message