3 Sep
2014
3 Sep
'14
12:01 p.m.
Dennis Xu wrote:
I am looking for confirmation that because our AD stores passwords in crypt'd or SHA1 format, we cannot use FreeRadius to authenticate against our AD using PEAP and EAP-MSCHAPv2?
No. AD stores it's passwords in NT-Hash format. And it does NOT allow FreeRADIUS (or anyone) to read those passwords via LDAP.
http://deployingradius.com/documents/protocols/compatibility.html
Is the above link still up-to-date?
Yes. Alan DeKok.