On 26 Mar 2013, at 15:47, Alan DeKok <aland@deployingradius.com> wrote:
Alex Sharaz wrote:
o.k. many thanks for this phil. I'll probably have a bash at this but, as I've done it before, just setting up radiator as something that just says yes/no sounds a lot easier :-))
I doubt it.
Actually I found the way Radiator worked simpler than getting to grips with FreeRadius, but then again that's probably because it was the 1st one I tried :-)) . Running Radiator just to auth users against AD and send back an access-accept/access-reject packet was fairly simple once you set up ActivePerl.
The problem is with AD, not with any RADIUS server. And that the ntlmv2 protocol is *completely* different than the ntlmv1 protocol.
o.k. fair enough.
Don't blame the messenger. FreeRADIUS is the victim of the changed AD policies, and the limitations of ntlmv2. Switching to another RADIUS server won't help.
Unless it's NPS, which uses the AD replication protocols to bypass ntlm entirely.
Well, I was running Radiator for a couple of years authenticating users against AD. ( sent out a snippet from the Radiator manual in another message) so I guess it wasn't using ntlm. but, from the point of view of getting the job done, it did work. Rgds Alex
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html