definitive info on authenticating to AD via NTLMv2
p.mayers at imperial.ac.uk
Tue Mar 26 19:30:53 CET 2013
On 26/03/2013 18:03, A.L.M.Buxey at lboro.ac.uk wrote:
>> o.k. many thanks for this phil. I'll probably have a bash at this but, as I've done it before, just setting up radiator as something that just says yes/no sounds a lot easier :-))
> RADIATOR on Windows can use <AuthBY LSA> which is a direct access to AD method and doesn't use SAMBA
> stuff at all - you'd have the same problem with RADIATOR on Linux.
In the interests of clarity: The LSA isn't magic; it uses pretty much
the same RPCs as Samba does. There's nothing hidden or special, and no
The problem here is that Samba doesn't have any way to set
MSV1_0_ALLOW_MSVCHAPV2 when calling the relevant RPC. This is a trivial,
NPS and Radiator are obviously setting that flag when talking to the
RPC. We (because we're reliant on Samba) are not. Fix Samba, and we will
magically work - no effort required.