Why a Windows client cannot do secure authentication using eDirectory through IDM
KB ARTICLE TYPE: Troubleshooting
RELATED PRODUCTS: IDM
RELATED SOFTWARE VERSIONS: 13.x.x
KEYWORDS: Smartconnect, WPA2, eDirectory, Novell
PEAP/GTC is supported on iOS, Android, Mac and Linux. This method encrypts the password before sending it to IDM, which can decrypt it to recover the cleartext password and use that to validate against eDirectory using LDAP.
PEAP/GTC is not supported by Windows.
PEAP/MSCHAPv2 is supported by iOS, Android, Mac, Linux and Windows. With this method, the cleartext password is not passed to IDM (a hash is used). We do not have read access to the user's password, so we cannot validate this hash. However, IDM supports particular features of Active Directory to forward this hash to the AD box so we can authenticate the user.
As of now, eDirectory does not support this, or an equivalent, mechanism.
If eDirectory has a RADIUS server that supports MSCHAPv2, the controller's SSID can be pointed directly at it. However, it is not known if eDirectory has such a product.
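The asymmetry described above, as a simplified model added here (not Fortinet or Novell code). All class and function names are hypothetical, and SHA-256/HMAC stand in for the MD4 and DES steps of real MSCHAPv2, so this shows the data flow, not the wire protocol.

```python
import hashlib
import hmac

def pw_hash(password):
    # Stand-in for the NT hash (real MSCHAPv2: MD4 over the UTF-16LE password).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def chap_response(key, challenge):
    # Stand-in for the MSCHAPv2 NT-Response (real protocol: DES-based, RFC 2759).
    return hmac.new(key, challenge, hashlib.sha256).digest()

def client_response(password, challenge):
    # What a PEAP/MSCHAPv2 client sends: derived from the password, never the password.
    return chap_response(pw_hash(password), challenge)

class BindOnlyDirectory:
    """Models eDirectory as the article describes it: LDAP bind, no password read access."""
    def __init__(self, users):
        self._users = users  # constructed sample data, private to the directory

    def bind(self, user, password):
        stored = self._users.get(user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

class ChallengeCapableDirectory(BindOnlyDirectory):
    """Models the AD feature the article mentions: the directory checks a forwarded response."""
    def verify_response(self, user, challenge, response):
        stored = self._users.get(user)
        if stored is None:
            return False
        expected = chap_response(pw_hash(stored), challenge)
        return hmac.compare_digest(expected, response)

def idm_check_gtc(directory, user, password):
    # PEAP/GTC: IDM holds the cleartext after decryption, so a bind is enough.
    return directory.bind(user, password)

def idm_check_mschapv2(directory, user, challenge, response):
    # PEAP/MSCHAPv2: IDM holds only (challenge, response); bind() needs a password.
    verify = getattr(directory, "verify_response", None)
    if verify is None:
        return None  # no way to validate against a bind-only directory
    return verify(user, challenge, response)

if __name__ == "__main__":
    edir = BindOnlyDirectory({"alice": "S3cret!"})  # constructed sample user
    ch = bytes(range(16))                            # constructed challenge
    print("GTC via bind:", idm_check_gtc(edir, "alice", "S3cret!"))
    print("MSCHAPv2 via bind-only:", idm_check_mschapv2(edir, "alice", ch, client_response("S3cret!", ch)))
```

A `None` result means the response could not be checked at all, which is distinct from a failed check (`False`).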
Copyright 2024 Fortinet, Inc. All Rights Reserved.