definitive info on authenticating to AD via NTLMv2
aland at deployingradius.com
Tue Mar 26 15:26:57 CET 2013
Alex Sharaz wrote:
> I've been running ntlm_auth to authenticate our 802.1x users against AD for a number of months without problems…… until this morning when our Systems group tightened up auth requirements to only use NTLMv2. and my ntlm_auth module started failing
Which breaks RADIUS.
> So, anything special I need to do to auth using ntlmv2? Can it be done?
It can't be done. ntlmv2 is a *completely* different protocol.
nvlmv1 is pretty much MS-CHAP, which is why it works.
Ask the AD administrators to make an exception for the Samba server.
Nothing else will work.
More information about the Freeradius-Users