NTLMv2 with FreeRADIUS

Phil Mayers p.mayers at imperial.ac.uk
Wed Apr 9 15:52:48 CEST 2014


On 09/04/14 14:33, John McCarthy wrote:
> Thanks for your guys work on the FreeRADIUS project. It works really
> well and was easy to setup and understand.
>
> I have a FreeRADIUS version 3.0.2 server that is used to with a Ubiquiti
> UAP-PRO access point using WPA2-Enterprise to authenticate Active
> Directory using PEAP. Everything works great and it authenticates users
> correctly.
>
>
> But for PCI compliance, they require that we not use NTLMv1, they
> require us to use NTLMv2. Is there any way to get FreeRADIUS to work
> with NTLMv2 (or a more secure protocol for PCI compliance's sake)?
>
>
> I have found the post below that basically says it isn't possible. Maybe

That info is still current. If you re-read the thread, it should be 
clear, in particular my last couple of posts.

As far as I'm aware, Samba still doesn't set MSV1_0_ALLOW_MSVCHAPV2, so 
can't execute NTLMv1 against an NTLMv2 controller.


More information about the Freeradius-Users mailing list