22 Feb 2013 - tsp
Last update 16 Apr 2019
MD5 challenge authentication (EAP-MD5) has been disabled by default because of security problems. Don't use it on any untrusted network anyway; I've just written this note to show how to enable it in case one has crappy managed switches. The following changes are necessary to re-enable EAP-MD5:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\4]
"RolesSupported"=dword:0000000a
"FriendlyName"="MD5-Challenge"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
  61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00
"InvokeUsernameDialog"=dword:00000001
"InvokePasswordDialog"=dword:00000001
Set the service "automatic configuration (wired)" to start up automatically.
testuser NAS-Port-Type == Ethernet, Cleartext-Password := "u804u489"
One should use other methods if they are available (EAP-TLS would be the best method available; else EAP-PEAP with MSCHAPv2 would be sufficient).
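To find machines where this change was made and later forgotten, the registry key can be audited from exported .reg text. The following is an added example, not part of the original note; the function names are hypothetical, and the sample is the key from this note, trimmed.

```python
import re

WEAK_EAP_TYPES = {4: "MD5-Challenge"}  # EAP type 4 is MD5-Challenge (RFC 3748)
EAP_KEY = r"SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP"

# Sample input: the key from this note (trimmed), as it appears in .reg text.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\4]
"RolesSupported"=dword:0000000a
"FriendlyName"="MD5-Challenge"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
  61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00
'''

def decode_value(raw):
    """Decode the .reg value kinds used here: dword, hex(2) and quoted strings."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"')

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} from .reg text."""
    text = re.sub(r"\\\s*\n\s*", "", text)  # join backslash-continued lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            current[m.group(1)] = decode_value(m.group(2))
    return keys

def find_weak_eap(text):
    """List (type, name, dll_path) for weak EAP methods registered in the export."""
    hits = []
    for path, values in parse_reg(text).items():
        head, _, leaf = path.rpartition("\\")
        eap_type = int(leaf) if leaf.isdigit() else None
        if head.upper().endswith(EAP_KEY.upper()) and eap_type in WEAK_EAP_TYPES:
            hits.append((eap_type, WEAK_EAP_TYPES[eap_type], values.get("Path")))
    return hits

if __name__ == "__main__":
    for eap_type, name, dll in find_weak_eap(SAMPLE_REG):
        print(f"EAP type {eap_type} ({name}) is registered, handler: {dll}")
```

The decoded `Path` value also shows what the hex(2) bytes in the note stand for, so the handler DLL can be compared against the expected location.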