Limitation of authenticating against AD
Eloy Paris
peloy at chapus.net
Wed Sep 3 18:01:26 CEST 2014
On 09/03/2014 11:52 AM, Dennis Xu wrote:
> Hello,
>
> I am looking for confirmation that because our AD stores passwords in crypt'd or SHA1 format, we cannot use FreeRadius to authenticate against our AD using PEAP and EAP-MSCHAPv2?
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
> Is the above link still up-to-date?
Take a look at:
http://deployingradius.com/documents/configuration/active_directory.html
You need to configure your FreeRADIUS server to use ntlm_auth precisely
because FreeRADIUS does not have access to the cleartext passwords of
Active Directory users.
Cheers,
Eloy Paris.-
More information about the Freeradius-Users
mailing list