9 Apr
2014
9 Apr
'14
12:53 p.m.
On 04/09/2014 12:40 PM, John McCarthy wrote:
Is there any other ways to authenticate against Active Directory with FreeRADIUS?
is it possible to authenticate using Kerberos instead of ntlm or ms-chap. Maybe EAP-TLS.
The problem with 802.1x and clients is that not every authentication methodology is supported by every client. I haven't done any hybrid authentications yet (i.e. both EAP-PEAP-MSChapV2 and EAP-TTLS) but most certainly radius can handle that with the right configuration. You should definitely evaluate your client base and their capabilities before determining which auth protocols to support or not. - John Douglass Sr. Systems IT/Architect Georgia Institute of Technology