definitive info on authenticating to AD via NTLMv2

Alex Sharaz alex.sharaz at
Tue Mar 26 17:26:54 CET 2013

On 26 Mar 2013, at 15:47, Alan DeKok <aland at> wrote:

> Alex Sharaz wrote:
>> o.k. many thanks for this phil. I'll probably have a bash at this but, as I've done it before, just setting up radiator as something that just says yes/no sounds a lot easier :-))
>  I doubt it.
Actually I found the way Radiator worked simpler than getting to grips with FreeRadius, but then again that's probably because it was the 1st one I tried :-)) .  Running Radiator just to auth users against AD and send back an access-accept/access-reject packet was fairly simple once you set up ActivePerl.

>  The problem is with AD, not with any RADIUS server.  And that the
> ntlmv2 protocol is *completely* different than the ntlmv1 protocol.
o.k. fair enough.

>  Don't blame the messenger.  FreeRADIUS is the victim of the changed AD
> policies, and the limitations of ntlmv2.  Switching to another RADIUS
> server won't help.

>  Unless it's NPS, which uses the AD replication protocols to bypass
> ntlm entirely.

Well, I was running Radiator for a couple of years authenticating users against AD. 
( sent out a snippet from the Radiator manual in another message)  so I guess it wasn't using ntlm. but, from the point of view of getting the job done, it did work. 


>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list