NTLMv2 with FreeRADIUS
Matthew Newton
mcn4 at leicester.ac.uk
Thu Apr 10 11:33:17 CEST 2014
On Wed, Apr 09, 2014 at 08:13:27PM -0400, John McCarthy wrote:
> The other option that is appealing is TTLS/PAP. I spun up a server at the
> end of the day today to start testing that out. Does it play well with
> active directory using Kerberos? That option sounds nice because traffic is
> encrypted at both ends of the FreeRADIUS server.
Just note that Windows 7 and before have no built-in support for
TTLS/PAP, so you have to use 3rd party supplicant software.
Windows 8 (and MacOS and Linux and most other things) support it.
The reason why PEAP/EAP-MSCHAPv2 is so prevalent is that, if you
want to log in with a username and password, it is essentially the
only mechanism that Microsoft have supported until recently, and
nobody generally wants to faff around with either TLS certificate
management or installing other supplicants.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list