NTLMv2 with FreeRADIUS
Alan DeKok
aland at deployingradius.com
Thu Apr 10 04:08:51 CEST 2014
John McCarthy wrote:
> The other option that is appealing is TTLS/PAP. I spun up a server at
> the end of the day today to start testing that out. Does it play well
> with active directory using Kerberos? That option sounds nice because
> traffic is encrypted at both ends of the FreeRADIUS server.
TTLS + PAP will work fine with Kerberos. You'll need to edit
sites-enabled/inner-tunnel, and add "krb5" to the "authenticate"
section. Then, in the "authorize" section, do:
    if (User-Password) {
        update control {
            Auth-Type := krb5
        }
    }
Also configure the krb5 file in mods-enabled/krb5.
You should have Kerberos working about 30 seconds later.
> I had been doing some research to get a better understanding on how all
> this worked. Alan DeKok had some great references at deployingradius.com
> to help me understand how all this works.
Thanks. Lots of people find it useful.
Alan DeKok.
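
The three edits described in the reply above, put together as an added example (not part of the original message or the FreeRADIUS distribution). The keytab path and service principal are placeholders to replace with your own values, and the "..." comments stand for whatever your existing files already contain.

```text
# sites-enabled/inner-tunnel (only the sections this change touches)
server inner-tunnel {
	authorize {
		# ... existing modules stay as they are ...

		# TTLS/PAP delivers a clear-text User-Password inside the
		# tunnel; send those requests to the krb5 module.
		if (User-Password) {
			update control {
				Auth-Type := krb5
			}
		}
	}

	authenticate {
		# ... existing entries stay as they are ...

		# Runs the krb5 module when Auth-Type is krb5.
		krb5
	}
}

# mods-enabled/krb5
krb5 {
	# Placeholder values, not from the original message.
	keytab = /path/to/radius.keytab
	service_principal = radius/radius.example.org
}
```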