Example configuration that proxy PEAP MSCHAPv2 to an IAS server

Alan DeKok aland at deployingradius.com
Wed Aug 31 22:32:11 CEST 2011


Jacob Dawson wrote:
> That's the case here.  Our AD servers are set to only accept NTLMv2, and they won't budge from that.  The workaround for us is to proxy the inner tunnel on domain user authentications to IAS and let it handle talking to AD over NTLMv2.  There's a registry hack involved, and it either lets them cheat and speak NTLMv1, or it somehow lets them have a v2 conversation; I've never been clear on which it is.
> 
> Full disclosure, I haven't been able to get this proxy-inner-tunnel stuff to fly consistently under 2.1.11.

  It really should work... it works for my tests.

  Alan DeKok.


