Disabling ntlmv1 usage in FR 3.0.12
Matthew Newton
mcn4 at leicester.ac.uk
Wed May 4 16:10:56 CEST 2016
On Wed, May 04, 2016 at 02:56:56PM +0100, Alex Sharaz wrote:
> Our systems people are always grumbling about our FR servers being the
> only boxes that use NTLMv1. Will the above config keep them happy and
> stop these servers from using it?
Not possible; MSCHAPv2 depends on it. So they may as well get used
to it.
In the latest FR (using wbclient) the correct flag is passed to
Samba/Windows so that it should force NTLMv1 auth, even if they've
disabled NTLMv1 on the AD servers. In the past that would just
break your wireless auth.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list