On 09/04/14 13:38, Phil Mayers wrote:
> 1. Use MSCHAP which needs NTLMv1
in the picture here, is the NTLM traffic from the FreeRADIUS server to the Active Directory server encrypted? if not, can it be?
> 2. Use TTLS/PAP, and check passwords via Kerberos/LDAP bind.