On 09/04/14 18:25, John McCarthy wrote:
We will primarily be authenticating Windows 7 machines (and a handful of WIndows 8 machines).
Other than that, there may be some iPhones, iPads and Android phones that will connected to this wireless AP.
I was just wondering if there was a way to bypass having to use ntlm and use something more secure.
See: http://deployingradius.com/documents/protocols/compatibility.html And http://deployingradius.com/documents/protocols/oracles.html You have basically three options: 1. Use MSCHAP which needs NTLMv1. As per the thread you linked, it might be possible to do this if you patch Samba, even if you have disabled NTLMv1, using the magic flag noted in the thread. 2. Use TTLS/PAP, and check passwords via Kerberos/LDAP bind. 3. Use EAP-TLS and don't use passwords.