Proxying PAP to PEAP-MSCHAP-V2
Martin Pauly
pauly at hrz.uni-marburg.de
Fri Sep 4 17:51:54 CEST 2020
Am 02.09.20 um 10:55 schrieb Xand Meaden via Freeradius-Users:
> NPS RADIUS servers which are configured to only support PEAP-MSCHAP-V2
The NPS surely is a member of a windows domain, right?
If the admins of that domain allowed your FR as a member
(i.e. a samba instance on your server), you could feed the passwords
directly to mschap/ntlm_auth. This _might_ increase performance over
external wpa_supplicant or eapol_test as using this functionality
no longer requires spawning an external process.
But extending an AD domain like that may pose security issues of its own.
Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5391 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200904/ca98fa85/attachment.bin>
More information about the Freeradius-Users
mailing list