I'm trying to configure EAP-MD5-Challenge authentication with AD 2008.
IP Phones are using 802.1x with EAP-MD5-Challenge and UAC is the RADIUS server.
If I configure authentication using the Local Authentication server, then everything works fine; the phones authenticate without a problem.
However, when I try to use AD authentication (in both standard and legacy mode), UAC never even tries to communicate with the AD server during an EAP-MD5-Challenge authentication request from an IP Phone. The AD server itself is configured correctly, as it is used to authenticate Windows machines using EAP-PEAP with MS-CHAP-V2.
When we try to communicate with AD using LDAP, UAC tries to authenticate an IP Phone; however, UAC requests the 'userPassword' attribute, which Active Directory does not show over LDAP.
Does anyone know if EAP-MD5-Challenge authentication with Active Directory is even possible using Juniper UAC?
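
Added example, not part of the original post and not Juniper UAC code: in EAP-MD5-Challenge (RFC 3748, using the CHAP computation from RFC 1994) the server recomputes MD5(Identifier || password || Challenge), so it needs the cleartext password and cannot verify against a one-way hash. The function names, the sample password and challenge, and the SHA-256 stand-in for a directory's stored hash are all constructed for illustration.

```python
import hashlib
import hmac


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: Response = MD5(Identifier || secret || Challenge) per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_with_cleartext(identifier: int, stored_password: bytes,
                          challenge: bytes, response: bytes) -> bool:
    """Server that can read the cleartext password repeats the peer's computation."""
    expected = eap_md5_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def verify_with_hash_only(identifier: int, stored_hash: bytes,
                          challenge: bytes, response: bytes) -> bool:
    """Server that only holds a one-way hash of the password.

    The hash is the only secret material it has, so that is all it can feed
    into the MD5 computation. The result never matches what the peer sent,
    because the peer hashed the password itself.
    """
    candidate = eap_md5_response(identifier, stored_hash, challenge)
    return hmac.compare_digest(candidate, response)


def demo() -> dict:
    # Constructed sample values, not taken from any real deployment.
    password = b"constructed-phone-secret"
    identifier = 0x2A
    challenge = bytes(range(16))

    # What the phone (EAP peer) sends back for this challenge.
    response = eap_md5_response(identifier, password, challenge)

    # Stand-in for a directory that stores only a one-way hash of the password
    # (SHA-256 is used here purely as a generic one-way function).
    one_way = hashlib.sha256(password).digest()

    return {
        "cleartext_store": verify_with_cleartext(identifier, password, challenge, response),
        "hash_only_store": verify_with_hash_only(identifier, one_way, challenge, response),
        "wrong_password": verify_with_cleartext(identifier, b"wrong", challenge, response),
    }


if __name__ == "__main__":
    for backend, ok in demo().items():
        print(f"{backend}: {'accept' if ok else 'reject'}")
```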