Use the Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAP V2) to authenticate VPN clients over L2TP/PPTP (mutual authentication between peers) or to authenticate HTTP Proxy users.
In this article:
Before you Begin
Before using MS-CHAP authentication, you must add the Barracuda NG Firewall to a Windows (NT4, 2000, or 2003) domain.
Connecting to Read Only Domain Controllers
In addition to the adding the hostname for the Barracuda NG Firewall, you must verify that the password for the user account used in the Helper Scheme is cached on the read-only domain controller.
Step 1. Configure MS-CHAP Authentication
- Open the Authentication Service page (Config > Full Config > Box > Infrastructure Services).
- In the left navigation pane, select MS-CHAP Authentication.
- From the Configuration Mode menu on the left, select Switch to Advanced View.
- Click Lock.
- Enable MS CHAP as external directory service.
Choose the NTLM protocol version supported by your authentication service.
In the Domain Realm field, enter the name of the Windows domain that is queried by the authenticator.
If the NetBIOS domain name differs from the MS Active Directory domain name, specify the NetBIOS Domain Name.
- Enter the MS Active Directory Workgroup Name if the workgroup name is different from the MS Active Directory domain name (Domain Realm).
In the Domain Controller field, enter the IP address of the domain controller.
In the WINS Server field, enter the IP address of the domain’s Windows Internet Name Service (WINS) server.
- If group information is queried from a different authentication scheme, select the scheme from the User Info Helper Scheme list. For example, select MSAD if MS-CHAP is used for identity verification but group information must be queried from MSAD.
- Click Send Changes and Activate.
Step 2. Add the Barracuda NG Firewall to a Windows Domain
- Go to the Box page (Control tab > Box).
- In the left navigation, expand Domain Control and click Register at Domain.
Verify that the Barracuda NG Firewall is joined to the domain by clicking Show Registration Status in Control > Box > Domain Control.