Hi all,
i am trying to connect my synology with installed Active Directory with Radius Server but i am not able to connect them together.
Radius server shos this error:
Login incorrect (chap: &control:Cleartext-Password is required for authentication): [david] (from client eee port 0 cli 192.168.49.110)
And this is MK log
Have anyone oany idea why is it not working?
The synology is RS1219+
DSM 6.2.1-23824 Update 4
thanx dave
AD usually contains NT hash of the users password which will not work with CHAP - you need the plaintext at the server.
Presumably you are running RouterOS version < 6.43 as this changed the login service authentication from CHAP to MSCHAPv2 (which should work authenticating against AD).
Ensure the RADIUS traffic is protected from evesdropping as MSCHAPv2 is insecure - the NT hash can be recovered from the challenge-response data.
OK so what can i do to fix this issue?
Thanx
If you are running RouterOS <6.43 then upgrade to the latest (6.43.
BUT check the release notes for things which may need configuration changes (e.g. bridge / master-port changes if upgrading from <6.41)
If the RADIUS traffic is on an internal LAN you are probably OK, it isn’t the sort of thing you want traversing the internet unless in a secure VPN tunnel however.