9 Apr
2014
9 Apr
'14
3:04 p.m.
On 09/04/14 13:38, Phil Mayers wrote:
1. Use MSCHAP which needs NTLMv1
http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOW... in the picture here, is the NTLM traffic from the FreeRADIUS server to the Active Directory server encrypted? if not, can it be?
2. Use TTLS/PAP, and check passwords via Kerberos/LDAP bind.
Is this way recommended? the part about using PAP scares me. (Clear-text password in local configuration file (PAP)) - http://wiki.freeradius.org/glossary/Authentication