NTLMv2 with FreeRADIUS
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Apr 9 21:19:36 CEST 2014
On 9 Apr 2014, at 20:14, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> On 9 Apr 2014, at 20:04, John McCarthy <midactsmystery at gmail.com> wrote:
>
>> On 09/04/14 13:38, Phil Mayers wrote:
>>> 1. Use MSCHAP which needs NTLMv1
>>
>> http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
>>
>> in the picture here, is the NTLM traffic from the FreeRADIUS server to the Active Directory server encrypted? if not, can it be?
>>
>>> 2. Use TTLS/PAP, and check passwords via Kerberos/LDAP bind.
>>
>> Is this way recommended? the part about using PAP scares me. (Clear-text password in local configuration file (PAP)) - http://wiki.freeradius.org/glossary/Authentication
>
> It's not in a local configuration file if it's being sent to an AD server.
Hmm do you work for a *.edu?
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140409/fec338ed/attachment-0001.pgp>
More information about the Freeradius-Users
mailing list