NT4 RAS Servers and Active Directory Domains
There's one more item of business left to cover before starting to deploy Windows Server 2003 remote access servers, and that's how to deal with any classic NT4 RAS servers that might be still be in production. Unless you make special accommodations for these RAS servers, they will not be able to authenticate dial-up users in an Active Directory domain. The reason for this harkens back to the origins of Windows networking in LanMan Server.
As we've seen, MS-CHAPv2 requires that the remote access server obtain the user's NT password hash to complete the authentication transaction. The NT4 RAS server makes its call to the domain controller to get the user's credentials, but the domain controller says, ...
Get Inside Windows® Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
