NTLMv2 with FreeRADIUS

John McCarthy midactsmystery at gmail.com
Wed Apr 9 21:04:51 CEST 2014


On 09/04/14 13:38, Phil Mayers  wrote:
> 1. Use MSCHAP which needs NTLMv1

http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO

in the picture here, is the NTLM traffic from the FreeRADIUS server to the
Active Directory server encrypted? if not, can it be?

> 2. Use TTLS/PAP, and check passwords via Kerberos/LDAP bind.

Is this way recommended? the part about using PAP scares me. (Clear-text
password in local configuration file (PAP)) -
http://wiki.freeradius.org/glossary/Authentication
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140409/2d6d8e78/attachment.html>


More information about the Freeradius-Users mailing list