MSCHAPV2 NTLM Auth and Smbv2/3

Alan DeKok aland at
Thu Jun 8 16:23:48 CEST 2017

On Jun 8, 2017, at 10:18 AM, Arnab Roy <arnabroy at> wrote:
>   I asked right question but the person replying didn't understand how
>   freeradius does mschap auth...

  Then it's your responsibility to communicate with him, instead of coming back here and making it our problem.

>   Instead of arguing with anyone it's better if we start to work together
>   so between samba and freeradius a solution could be achieved as the AD
>   admin will not care about our headaches and simply tell to use nps
>   instead!.

  We can't fix the problem.  So there's no point in talking about it here.

  We don't implement ntlm_auth.  Samba does.

  Samba doesn't control the AD security settings.  Your local AD administrator does.

  Samba doesn't control how ntlm_works.  Microsoft does.

  The only person here who has a choice is your local AD administrator.  Convince him to help you, and it will work.

  Asking people to "work together" is just you trying to make us responsible for the mistakes of your AD administrator.  

  No amount of poking FreeRADIUS or Samba will work around these limitations.  There are 100% outside of our control.

  Tell your AD administrator to fix the security settings.  It's 2017.  It shouldn't be difficult.

  Alan DeKok.

More information about the Freeradius-Users mailing list