Disabling ntlmv1 usage in FR 3.0.12

Matthew Newton mcn4 at leicester.ac.uk
Wed May 4 16:10:56 CEST 2016


On Wed, May 04, 2016 at 02:56:56PM +0100, Alex Sharaz wrote:
> Our systems  people are always grumbling about our FR servers being the
> only boxes that use  NTLMv1. Will the above config keep them happy and
> stop  these servers from using it?

Not possible; MSCHAPv2 depends on it. So they may as well get used
to it.

In the latest FR (using wbclient) the correct flag is passed to
Samba/Windows so that it should force NTLMv1 auth, even if they've
disabled NTLMv1 on the AD servers. In the past that would just
break your wireless auth.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list