Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
Configuring L2TP authentication protocols to use LDAP instead of RADIUS for iOS (iPad/iPhone/iPod t
03/26/2020 
18 
10992
DESCRIPTION:
Configuring L2TP authentication protocols to use LDAP instead of RADIUS for iOS (iPad/iPhone/iPod touch) connections
RESOLUTION:
Overview:
iOS devices accept the first supported authentication protocol proposed by the server. The default preferred authentication protocol order in SonicOS (prior to 5.8.0.8 and 5.8.1.1) is CHAP, PAP, MS-CHAP, and then MS-CHAPv2. In 5.8.0.8 and 5.8.1.1 the order has been changed to MS-CHAPv2, CHAP, MS-CHAP, and then PAP. This combined with the iOS behavior of accepting the first supported authentication protocol will require RADIUS authentication because Active Directory does not support CHAP, MS-CHAP, or MS-CHAPv2.
To force L2TP connections from iOS devices to use LDAP instead of RADIUS, follow the steps outlined below.
Procedure:
- Log into the SonicWall security appliance using your admin credentials.
- Navigate to VPN > L2TP Server. Click Configure.
- Click on the PPP tab. Ensure that "PAP" is moved to the top of the list. Click OK.
Notes:
Upgrades from previous firmware versions will retain the original ordering. The new ordering is set on new installations only.
Authentication protocols can also be changed for use with RADIUS
�
