nsamuel
Staff
January 7, 2016

Meru Technical Note - Why a Windows client cannot do secure authentication using eDirectory through IDM

Description

Why a Windows client cannot do secure authentication using eDirectory through IDM.


Scope

KB ARTICLE TYPE: Troubleshooting

RELATED PRODUCTS: - IDM

RELATED SOFTWARE VERSIONS: 13.x.x

KEYWORDS: Smartconnect, WPA2, eDirectory, Novell


Solution

PEAP/GTC is supported on iOS, Android, Mac and Linux. This method encrypts the password before sending it to IDM, which can decrypt it to recover the cleartext password and use that to validate the user against eDirectory using LDAP.

PEAP/GTC is not supported by Windows.

PEAP/MSCHAPv2 is supported by iOS, Android, Mac, Linux and Windows. With this method the cleartext password is not passed to IDM (a hash is used). We do not have read access to the user's password, so we cannot validate this hash. However, IDM supports particular features of Active Directory to forward this hash to the AD box so we can authenticate the user.

As of now, eDirectory does not support this, or an equivalent, mechanism.

If eDirectory has a RADIUS server that supports MSCHAPv2, the controller's SSID can be pointed directly at it. However, it is not known whether eDirectory has such a product.
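
The difference between the two methods, as an added example that is not Meru or IDM code: a simplified model showing why a server that can only bind against a directory can validate a tunnelled cleartext password (GTC) but not a challenge response (MSCHAPv2) unless a backend that holds the password hash does the check. The `Directory` class, the backend and all names are hypothetical, and SHA-256/HMAC stand in for the MD4 and DES operations of real MSCHAPv2.

```python
import hashlib
import hmac
import os

class Directory:
    """Constructed stand-in for an LDAP directory: bind() only, no password read access."""
    def __init__(self):
        self._users = {}

    def add_user(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000))

    def bind(self, name, password):
        if name not in self._users:
            return False
        salt, stored = self._users[name]
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
        return hmac.compare_digest(digest, stored)

def password_hash(password):
    # Stand-in for the MSCHAPv2 password hash (the real one is MD4 of the UTF-16LE password).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def make_response(pw_hash, challenge):
    # Stand-in for the MSCHAPv2 response computation (the real one is DES-based).
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

def auth_gtc(directory, user, password):
    # GTC: the server ends up holding the cleartext password, so a directory bind can check it.
    return directory.bind(user, password)

def auth_mschapv2(user, challenge, response, backend_verify=None):
    # The server sees only (challenge, response). Checking it needs the password
    # hash; with no backend able to verify the response, fail closed.
    if backend_verify is None:
        return False
    return backend_verify(user, challenge, response)

def make_backend(hashes):
    # Hypothetical backend that holds per-user password hashes (the role AD plays above).
    def verify(user, challenge, response):
        if user not in hashes:
            return False
        return hmac.compare_digest(make_response(hashes[user], challenge), response)
    return verify
```
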