definitive info on authenticating to AD via NTLMv2

Alan DeKok aland at
Tue Mar 26 15:26:57 CET 2013

Alex Sharaz wrote:
> I've been running ntlm_auth to authenticate our 802.1x users against AD for a number of months without problems…… until this morning when our Systems group tightened up auth requirements to only use NTLMv2. and my ntlm_auth module started failing

  Which breaks RADIUS.

> So, anything special I need to do to auth using ntlmv2? Can it be done?

  It can't be done.  ntlmv2 is a *completely* different protocol.
nvlmv1 is pretty much MS-CHAP, which is why it works.

  Ask the AD administrators to make an exception for the Samba server.
Nothing else will work.

  Alan DeKok

More information about the Freeradius-Users mailing list