Wifi + Active Directory without ntlm
Alan DeKok
aland at deployingradius.com
Thu May 14 15:40:25 CEST 2020
On May 14, 2020, at 9:32 AM, Клеусов Владимир Сергеевич via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Ideally, I want to authenticate the domain user and if he is in the domain, check his group. If not in the group, do not connect to wifi. Is this possible without ntlm ?
Read this: http://deployingradius.com/documents/protocols/compatibility.html
AD is in the column for "NT-Hash / ntlm_auth". Those are your options.
And as a general rule, we give the *simplest* possible way to get things done. We have to use FreeRADIUS, too. It's just not helpful to make things complicated.
So if we recommend ntlm, it's because ntlm is the simplest way to get things done.
Alan DeKok.
More information about the Freeradius-Users
mailing list