On 09/04/14 14:33, John McCarthy wrote:
Thanks for your guys work on the FreeRADIUS project. It works really well and was easy to setup and understand.
I have a FreeRADIUS version 3.0.2 server that is used to with a Ubiquiti UAP-PRO access point using WPA2-Enterprise to authenticate Active Directory using PEAP. Everything works great and it authenticates users correctly.
But for PCI compliance, they require that we not use NTLMv1, they require us to use NTLMv2. Is there any way to get FreeRADIUS to work with NTLMv2 (or a more secure protocol for PCI compliance's sake)?
I have found the post below that basically says it isn't possible. Maybe
That info is still current. If you re-read the thread, it should be clear, in particular my last couple of posts. As far as I'm aware, Samba still doesn't set MSV1_0_ALLOW_MSVCHAPV2, so can't execute NTLMv1 against an NTLMv2 controller.