Freeradius 2.1.8+Windows AD+MS-CHAP with ntlm_auth
Alan DeKok
aland at deployingradius.com
Tue May 18 22:56:48 CEST 2010
Cesar Ortega wrote:
> I've been working on Freeradius with XP supplicants for a while but so
> far I could't make it. Authentication against Active Directory works
> like a charm
> (http://deployingradius.com/documents/configuration/active_directory.html).
That's good to hear.
> I want to authenticate several users against AD keeping in mind the
> following conditions:
> - Not use of certificates at all.
> - Transparent authentication of clients in wireless networks using
> MS-CHAPv2 (username and password they use to authenticate against AD).
It's impossible.
The protocols used between the PC && access point are EAP, and require
TLS. If you don't want to use EAP-TTLS or EAP-PEAP, your *only* option
is to re-write the software on the PC and the access point.
That is... it's impossible.
If you use PEAP, you only need one certificate: the server cert.
Alan DeKok.
More information about the Freeradius-Users
mailing list