Authenticate with machine account and without ntlm_auth
Matthew Newton
mcn at freeradius.org
Thu Nov 14 19:28:17 UTC 2024
On 14/11/2024 18:40, Dave Funk wrote:
> On Thu, 14 Nov 2024, Alan DeKok wrote:
>
>> On Nov 14, 2024, at 12:25 PM, Rodrigo Antunes via Freeradius-Users
>> <freeradius-users at lists.freeradius.org> wrote:
>>> Hi, I'd like to authenticate a PC using it's machine account and the
>>> mschap module, without calling ntlm_auth, is this possible?
>
> If using ntlm_auth is so issuous that it needs to be avoided another
> approach would be to use eap-tls with the PC's SSL certificate that was
> issued by the domain (assuming your AD domain has a CA).
This. It's faster, more secure, and a lot simpler to set up.
--
Matthew
More information about the Freeradius-Users
mailing list