Hi guys!
I’m implementing AAA authentication with AD in my network and I’ve stumbled upon a problem.
I found that Winbox uses CHAP for authentication, and it doesn’t work directly with NPS 2008 unless I change my AD’s password encryption policy. I’ve read that I have to store them as ‘reversible’.
My problem is that our Security department doesn’t let us go with this at all. And I agree with them, after all, I’m doing this to increase security.
I’ve been reading a lot and I couldn’t find a workaround to this issue.
So I’m asking for directions. Is there any way that I could use a proxy (FreeRADIUS maybe?) or something as an interface between Winbox and my Active Directory servers to authenticate my administrative users?
Thanks a lot