List:       freeradius-users
Subject:    Re: Example configuration that proxy PEAP MSCHAPv2 to an IAS server
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2011-08-31 20:32:11
Message-ID: 4E5E9A4B.6020305 () deployingradius ! com

Jacob Dawson wrote:
> That's the case here.  Our AD servers are set to only accept NTLMv2, and they won't
> budge from that.  The workaround for us is to proxy the inner tunnel on domain user
> authentications to IAS and let it handle talking to AD over NTLMv2.  There's a
> registry hack involved, and it either lets them cheat and speak NTLMv1, or it
> somehow lets them have a v2 conversation; I've never been clear on which it is.
> Full disclosure, I haven't been able to get this proxy-inner-tunnel stuff to fly
> consistently under 2.1.11.

  It really should work... it works for my tests.

  Alan DeKok.