Am 02.09.20 um 10:55 schrieb Xand Meaden via Freeradius-Users:
NPS RADIUS servers which are configured to only support PEAP-MSCHAP-V2 The NPS surely is a member of a windows domain, right? If the admins of that domain allowed your FR as a member (i.e. a samba instance on your server), you could feed the passwords directly to mschap/ntlm_auth. This _might_ increase performance over external wpa_supplicant or eapol_test as using this functionality no longer requires spawning an external process. But extending an AD domain like that may pose security issues of its own.
Martin -- Dr. Martin Pauly Phone: +49-6421-28-23527 HRZ Univ. Marburg Fax: +49-6421-28-26994 Hans-Meerwein-Str. E-Mail: pauly@HRZ.Uni-Marburg.DE D-35032 Marburg