[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Example configuration that proxy PEAP MSCHAPv2 to an IAS server
From: Alan DeKok <aland () deployingradius ! com>
Date: 2011-08-31 20:32:11
Message-ID: 4E5E9A4B.6020305 () deployingradius ! com
[Download RAW message or body]
Jacob Dawson wrote:
> That's the case here. Our AD servers are set to only accept NTLMv2, and they won't \
> budge from that. The workaround for us is to proxy the inner tunnel on domain user \
> authentications to IAS and let it handle talking to AD over NTLMv2. There's a \
> registry hack involved, and it either lets them cheat and speak NTLMv1, or it \
> somehow lets them have a v2 conversation; I've never been clear on which it is.
> Full disclosure, I haven't been able to get this proxy-inner-tunnel stuff to fly \
> consistently under 2.1.11.
It really should work... it works for my tests.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic