03/26/2020 27 People found this article helpful 456,757 Views
Configuring L2TP authentication protocols to use LDAP instead of RADIUS for iOS (iPad/iPhone/iPod touch) connections
Overview:
iOS devices accept the first supported authentication protocol proposed by the server. The default preferred authentication protocol order in SonicOS (prior to 5.8.0.8 and 5.8.1.1) is CHAP, PAP, MS-CHAP, and then MS-CHAPv2. In 5.8.0.8 and 5.8.1.1 the order has been changed to MS-CHAPv2, CHAP, MS-CHAP, and then PAP. This combined with the iOS behavior of accepting the first supported authentication protocol will require RADIUS authentication because Active Directory does not support CHAP, MS-CHAP, or MS-CHAPv2.
To force L2TP connections from iOS devices to use LDAP instead of RADIUS, follow the steps outlined below.
Procedure:
Notes:
Upgrades from previous firmware versions will retain the original ordering. The new ordering is set on new installations only.
Authentication protocols can also be changed for use with RADIUS