MSCHAPV2 NTLM Auth and Smbv2/3
Alan DeKok
aland at deployingradius.com
Thu Jun 8 16:08:45 CEST 2017
On Jun 8, 2017, at 10:01 AM, Arnab Roy <arnabroy at mail.com> wrote:
>
> Just been sent back from the samba lists to here...:))) they are saying
> to use ldaps instead?
You didn't ask the right question.
Active Directory does not allow FreeRADIUS to query the user's password via LDAP, or LDAPS.
FreeRADIUS has MS-CHAP authentication data, and needs to be able to ask Active Directory "is this OK?"
The ONLY way to do this is via ntlm_auth.
Alan DeKok.
More information about the Freeradius-Users
mailing list