definitive info on authenticating to AD via NTLMv2
Alex Sharaz
alex.sharaz at york.ac.uk
Tue Mar 26 17:26:54 CET 2013
On 26 Mar 2013, at 15:47, Alan DeKok <aland at deployingradius.com> wrote:
> Alex Sharaz wrote:
>> o.k. many thanks for this phil. I'll probably have a bash at this but, as I've done it before, just setting up radiator as something that just says yes/no sounds a lot easier :-))
>
> I doubt it.
>
Actually I found the way Radiator worked simpler than getting to grips with FreeRadius, but then again that's probably because it was the 1st one I tried :-)). Running Radiator just to auth users against AD and send back an access-accept/access-reject packet was fairly simple once you set up ActivePerl.
> The problem is with AD, not with any RADIUS server. And that the
> ntlmv2 protocol is *completely* different than the ntlmv1 protocol.
>
o.k. fair enough.
> Don't blame the messenger. FreeRADIUS is the victim of the changed AD
> policies, and the limitations of ntlmv2. Switching to another RADIUS
> server won't help.
>
> Unless it's NPS, which uses the AD replication protocols to bypass
> ntlm entirely.
Well, I was running Radiator for a couple of years authenticating users against AD.
(sent out a snippet from the Radiator manual in another message) so I guess it wasn't using ntlm. But, from the point of view of getting the job done, it did work.
Rgds
Alex
>
> Alan DeKok.