definitive info on authenticating to AD via NTLMv2

Alan DeKok aland at deployingradius.com
Tue Mar 26 16:47:36 CET 2013


Alex Sharaz wrote:
> O.k., many thanks for this, Phil. I'll probably have a bash at this but, as I've done it before, just setting up Radiator as something that just says yes/no sounds a lot easier :-))

  I doubt it.

  The problem is with AD, not with any RADIUS server.  And that the
ntlmv2 protocol is *completely* different than the ntlmv1 protocol.

  Don't blame the messenger.  FreeRADIUS is the victim of the changed AD
policies, and the limitations of ntlmv2.  Switching to another RADIUS
server won't help.

  Unless it's NPS, which uses the AD replication protocols to bypass
ntlm entirely.

  Alan DeKok.

