MSCHAPV2 NTLM Auth and Smbv2/3

Alan DeKok aland at
Thu Jun 8 16:08:45 CEST 2017

On Jun 8, 2017, at 10:01 AM, Arnab Roy <arnabroy at> wrote:
>   Just been sent back from the samba lists to here...:))) they are saying
>   to use ldaps instead?

  You didn't ask the right question.

  Active Directory does not allow FreeRADIUS to query the user's password via LDAP, or LDAPS.

  FreeRADIUS has MS-CHAP authentication data, and needs to be able to ask Active Directory "is this OK?"

  The ONLY way to do this is via ntlm_auth.

  Alan DeKok.

More information about the Freeradius-Users mailing list