Authenticating against Win2k8r2 without ntlm_auth
Phil Mayers
p.mayers at imperial.ac.uk
Mon Apr 25 22:30:14 CEST 2011
On 04/25/2011 02:44 PM, schilling wrote:
> Could we extend the AD schema with another accessible ntPassword hash,
> and thus use LDAP against AD for PEAP/MSCHAP?
Yes, if you know everyones plaintext password. But if you do, you don't
have this problem at all; you can just store Cleartext-Password in some
secured SQL database and use that.
In short: it's usually impractical.
More information about the Freeradius-Users
mailing list