Authenticate with machine account and without ntlm_auth
Alexey D. Filimonov
alexey at filimonic.net
Tue Nov 19 11:32:14 UTC 2024
> Does someone know how to obtain the machine account password or
nt-password from a windows machine account
You can not do MSCHAPv2 auth with computer context in modern Windows 11
OS, as virtualization-based security and credential guard prohibits
access of RRAS(?) to this data. You should disable this internal
protection first. Also note that not all directories have such concept
as "computer account password", ex, FreeIPA or RedHat IDM don't.
Just drop the idea of using computer account passwords and use
certificates (EAP-TLS or PEAP-TLS). Leave password authentication to
unmanaged devices like personal laptops and smartphones. Create a new
user account for those devices each time you need to setup a device.
On 2024-11-18 17:48, Rodrigo Antunes via Freeradius-Users wrote:
> Does someone know how to obtain the machine account password or nt-password from a windows machine account
More information about the Freeradius-Users
mailing list