NTLMv2 with FreeRADIUS
Matthew Newton
mcn4 at leicester.ac.uk
Wed Apr 9 18:55:35 CEST 2014
On Wed, Apr 09, 2014 at 12:40:20PM -0400, John McCarthy wrote:
> Is there any other ways to authenticate against Active Directory with
> FreeRADIUS?
>
> is it possible to authenticate using Kerberos instead of ntlm or ms-chap.
> Maybe EAP-TLS.
EAP-TLS is fine, as long as you're willing to accept the overhead
of certificate management (which is easier using AD), though note
that you are then changing from per-user authentication to
per-machine authentication, which may not be what you want/need.
If you're using Windows on the clients, that's about the only
other option unless you start to use a 3rd party 802.1X
supplicant (or Windows >= 8). There may be other options with
different client operating systems.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list