NTLMv2 with FreeRADIUS
John Douglass
john.douglass at oit.gatech.edu
Wed Apr 9 18:53:12 CEST 2014
On 04/09/2014 12:40 PM, John McCarthy wrote:
> Is there any other ways to authenticate against Active Directory with
> FreeRADIUS?
>
> is it possible to authenticate using Kerberos instead of ntlm or
> ms-chap. Maybe EAP-TLS.
>
The problem with 802.1x and clients is that not every authentication
methodology is supported by every client. I haven't done any hybrid
authentications yet (i.e. both EAP-PEAP-MSChapV2 and EAP-TTLS) but most
certainly radius can handle that with the right configuration.
You should definitely evaluate your client base and their capabilities
before determining which auth protocols to support or not.
- John Douglass
Sr. Systems IT/Architect
Georgia Institute of Technology
More information about the Freeradius-Users
mailing list