'RE: Active Directory authentication question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    RE: Active Directory authentication question
From:       <stefan.paetow () diamond ! ac ! uk>
Date:       2013-09-25 15:23:26
Message-ID: 9428D31DB2155647B82B8B889632234B0AD512A6 () EXCHMBX03 ! fed ! cclrc ! ac ! uk
[Download RAW message or body]

> But in the EAP-TLS section from eap.conf file, I don't see any
> reference to MSCHAPv2....and remember the NTLM authentication query is
> set up in the MSCHAPv2 module....

EAP-TLS does not use MSCHAPv2. It uses certificates. 

I quote Alan DeKok's response to your question on September 18:

> > Dear, I have several Windows 7 clients over WiFi autheticating throug
> > EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it
> > works OK.
> 
> EAP-TLS doesn't use MySQL for storing credentials.  Everything is in
> the certificate.
> 
> > Because I don't know so much about Windows world, I need to know if I
> > have to use NTLM, LDAP or Kerberos in order to authenticate against
> > the remote AD.
> 
> For MS-CHAP and PEAP, you use ntlm.  You don't have any other choice.
> 
> For EAP-TLS, you don't use AD or MySQL.



-- 
This e-mail and any attachments may contain confidential, copyright and or privileged \
material, and are for the use of the intended addressee only. If you are not the \
intended addressee or an authorised recipient of the addressee please notify us of \
receipt by returning the e-mail and do not use, copy, retain, distribute or disclose \
the information in or attached to the e-mail. Any opinions expressed within this \
e-mail are those of the individual and not necessarily of Diamond Light Source Ltd.  \
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are \
free from viruses and we cannot accept liability for any damage which you may sustain \
as a result of software viruses which may be transmitted in or with the message. \
Diamond Light Source Limited (company no. 4375679). Registered in England and Wales \
with its registered office at Diamond House, Harwell Science and Innovation Campus, \
Didcot, Oxfordshire, OX11 0DE, United Kingdom  



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic