Freeradius 2.1.8+Windows AD+MS-CHAP with ntlm_auth

Alan DeKok aland at
Tue May 18 22:56:48 CEST 2010

Cesar Ortega wrote:
> I've been working on Freeradius with XP supplicants for a while but so
> far I could't make it. Authentication against Active Directory works
> like a charm
> (

  That's good to hear.

> I want to authenticate several users against AD keeping in mind the
> following conditions:
> - Not use of certificates at all.
> - Transparent authentication of clients in wireless networks using
> MS-CHAPv2 (username and password they use to authenticate against AD).

  It's impossible.

  The protocols used between the PC && access point are EAP, and require
TLS.  If you don't want to use EAP-TTLS or EAP-PEAP, your *only* option
is to re-write the software on the PC and the access point.

  That is... it's impossible.

  If you use PEAP, you only need one certificate: the server cert.

  Alan DeKok.

More information about the Freeradius-Users mailing list