definitive info on authenticating to AD via NTLMv2

[Alan DeKok]

Alex Sharaz wrote:
> o.k. many thanks for this phil. I'll probably have a bash at this but, as I've done it before, just setting up radiator as something that just says yes/no sounds a lot easier :-))

  I doubt it.

  The problem is with AD, not with any RADIUS server.  And that the
ntlmv2 protocol is *completely* different than the ntlmv1 protocol.

  Don't blame the messenger.  FreeRADIUS is the victim of the changed AD
policies, and the limitations of ntlmv2.  Switching to another RADIUS
server won't help.

  Unless it's NPS, which uses the AD replication protocols to bypass
ntlm entirely.

  Alan DeKok.