Limitation of authenticating against AD

Eloy Paris peloy at chapus.net
Wed Sep 3 18:30:18 CEST 2014


Oh, I am sorry, I missed that important detail. Then you are out of 
luck, as compatibility.html indicates.

Cheers,

Eloy Paris.-

On 09/03/2014 12:26 PM, Dennis Xu wrote:

> Thanks. Yes we have to configure FreeRadius server to use ntlm_auth. But my problem is that our AD does not store passwords in NT hash format. They use SHA1 hash or crypt'd format.
>
> Dennis
>
> ----- Original Message -----
> From: "Eloy Paris" <peloy at chapus.net>
> To: dxu at uoguelph.ca, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Sent: Wednesday, September 3, 2014 12:01:26 PM
> Subject: Re: Limitation of authenticating against AD
>
> On 09/03/2014 11:52 AM, Dennis Xu wrote:
>
>> Hello,
>>
>> I am looking for confirmation that because our AD stores passwords in crypt'd or SHA1 format, we cannot use FreeRadius to authenticate against our AD using PEAP and EAP-MSCHAPv2?
>>
>> http://deployingradius.com/documents/protocols/compatibility.html
>>
>> Is the above link still up-to-date?
>
> Take a look at:
>
> http://deployingradius.com/documents/configuration/active_directory.html
>
> You need to configure your FreeRADIUS server to use ntlm_auth precisely
> because FreeRADIUS does not have access to the cleartext passwords of
> Active Directory users.
>
> Cheers,
>
> Eloy Paris.-
>


