NTLMv2 with FreeRADIUS
Tobias Hachmer
tobias at hachmer.de
Wed Apr 9 18:55:31 CEST 2014
On Wednesday 09 April 2014 11:48:00 Alan DeKok wrote:
> > But for PCI compliance, they require that we not use NTLMv1, they
> > require us to use NTLMv2. Is there any way to get FreeRADIUS to work
> > with NTLMv2 (or a more secure protocol for PCI compliance's sake)?
>
> The protocols used make it impossible.
>
> The only way to avoid NTLMv1 is to run FreeRADIUS on the Active
> Directory machine. Unfortunately, we don't have a Windows port.
The man page of smb.conf says that there's a global option "client NTLMv2
auth", see http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html.
So, I assume Samba (smbclient) supports NTLMv2. Also, the man page of ntlm_auth
says:
---snippet---
--nt-response=RESPONSE
NT or NTLMv2 Response to the challenge (in HEXADECIMAL)
---snippet---
https://www.samba.org/samba/docs/man/manpages/ntlm_auth.1.html
Maybe I didn't get it, but why could FR not authenticate users against MS AD
via ntlm_auth?
Regards,
Tobias Hachmer