MS-CHAP on Ubiquiti EdgeRouter



  • Asking this on behalf of someone, figured there would be more visibility and experience here. Especially if @JaredBusch is watching.

    "Firmware is at 1.9.0.

    I have set up this router as a RADIUS client and everything works great, it authenticates users through Windows AD. I want to also manage this router using my Active Directory credentials. I don't have a problem setting this up and I am able to do it; however, when using a network policy to allow only certain members access to the router management I have to set the authentication to PAP or it won't work! This seems like a security issue that I would like to avoid.

    Has anyone dealt with this and come up with a way to enable chap, mschap, or mschap-v2?"



  • @scottalanmiller said in MS-CHAP on Ubiquiti EdgeRouter:

    Asking this on behalf of someone, figured there would be more visibility and experience here. Especially if @JaredBusch is watching.

    Sorry, can't help here. From what I understand, he's using Microsoft's RADIUS server, which is built into NPS. I had some issues lately and switched from NAP to FreeRADIUS, so my approach would be to let FreeRADIUS auth against AD and EdgeRouter against FreeRADIUS.



  • So he's created the RAP in IAS, added the AD user group, edited the profile to select MS-CHAP and the users fail to authenticate? Weird. I've never tried it on an EdgeRouter. Has he successfully authenticated users this way with other device types?



  • Sounds like an issue with the setup of the RADIUS - have a poke through the NPS and make sure the policies are all set up correctly.

    Also check the error log to see if you can verify or refute my suspected issue.



  • I have not had anyone desire this level of connection in their ERL, so I have no direct experience.