Wireless Controller
Dedicated Wi-Fi control and management for high density and mobility
nsamuel
Staff
Article Id 197655
Description

Why a Windows client cannot perform secure authentication against eDirectory through IDM.


Scope

KB ARTICLE TYPE: Troubleshooting

RELATED PRODUCTS: IDM

RELATED SOFTWARE VERSIONS: 13.x.x

KEYWORDS: Smartconnect, WPA2, eDirectory, Novell


Solution

PEAP/GTC is supported on iOS, Android, Mac and Linux. This method encrypts the password before sending it to IDM, which can decrypt it to recover the cleartext password and use that to validate the user against eDirectory using LDAP.

PEAP/GTC is not supported by Windows.

PEAP/MSCHAPv2 is supported by iOS, Android, Mac, Linux and Windows. With this method the cleartext password is not passed to IDM (a hash is used). We do not have read access to the user’s password, so we cannot validate this hash. However, IDM supports particular features of Active Directory that forward this hash to the AD server so that we can authenticate the user.

As of now, eDirectory does not support this, or an equivalent, mechanism.

If eDirectory has a RADIUS server that supports MSCHAPv2, the controller’s SSID can be pointed directly at it. However, it is not known whether eDirectory has such a product.
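A simplified model of the two validation paths described above, as an added example that is not IDM or eDirectory code. SHA-256 and HMAC-SHA256 stand in for the MD4 and DES steps of real MSCHAPv2, and the class names, user, password and challenge are constructed for illustration.

```python
import hashlib, hmac, os

def pw_hash(password: str) -> bytes:
    # Stand-in for the NT hash (real MSCHAPv2 uses MD4 over UTF-16LE).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def chap_response(password_hash: bytes, challenge: bytes) -> bytes:
    # Stand-in for the MSCHAPv2 NT-Response (real protocol uses DES).
    return hmac.new(password_hash, challenge, hashlib.sha256).digest()

class BindOnlyDirectory:
    """Models IDM's LDAP access to the directory: bind only, no password read."""
    def __init__(self):
        self._users = {}
    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, self._kdf(password.encode(), salt))
    @staticmethod
    def _kdf(secret: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret, salt, 1000)
    def bind(self, user: str, secret: bytes) -> bool:
        if user not in self._users:
            return False
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, self._kdf(secret, salt))

class HashForwardingBackend:
    """Models a backend that accepts a forwarded challenge/response pair."""
    def __init__(self):
        self._hashes = {}
    def add_user(self, user: str, password: str) -> None:
        self._hashes[user] = pw_hash(password)
    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        h = self._hashes.get(user)
        return h is not None and hmac.compare_digest(chap_response(h, challenge), response)

def demo() -> dict:
    user, password = "alice", "S3cret-constructed"   # constructed sample values
    challenge = bytes(range(16))                      # constructed challenge
    directory, backend = BindOnlyDirectory(), HashForwardingBackend()
    directory.add_user(user, password)
    backend.add_user(user, password)
    response = chap_response(pw_hash(password), challenge)  # what the client sends
    return {
        "gtc_bind": directory.bind(user, password.encode()),     # cleartext available
        "mschap_bind": directory.bind(user, response),           # only a response available
        "mschap_forwarded": backend.verify(user, challenge, response),
        "mschap_wrong_pw": backend.verify(user, challenge, chap_response(pw_hash("wrong"), challenge)),
    }
```

The bind-only directory can validate the GTC cleartext but has nothing to compare a challenge response against, which is why the MSCHAPv2 path needs a backend that holds the password hash.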

