Disabling ntlmv1 usage in FR 3.0.12

Alex Sharaz alex.sharaz at york.ac.uk
Wed May 4 16:14:53 CEST 2016


o.k thanks for that ..... guess I'll start pushing EAP-TLS then :-))
A

On 4 May 2016 at 15:10, Matthew Newton <mcn4 at leicester.ac.uk> wrote:

> On Wed, May 04, 2016 at 02:56:56PM +0100, Alex Sharaz wrote:
> > Our systems  people are always grumbling about our FR servers being the
> > only boxes that use  NTLMv1. Will the above config keep them happy and
> > stop  these servers from using it?
>
> Not possible; MSCHAPv2 depends on it. So they may as well get used
> to it.
>
> In the latest FR (using wbclient) the correct flag is passed to
> Samba/Windows so that it should force NTLMv1 auth, even if they've
> disabled NTLMv1 on the AD servers. In the past that would just
> break your wireless auth.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list