(RADIATOR) ntlmv2 and Kerberos support in radiator

191snitch at planet.nl 191snitch at planet.nl
Wed Jul 13 08:02:00 CDT 2005


Hi, 

Perhaps my question is not completely clear: 
I am trying to select an appropriate Radius server for a new
wireless environment. The (XP) clients will connect by PEAP/MS-CHAPv2 via
the Radius server to a Windows AD. (Radius uses the Windows AD as
external database). In the environment the XP clients and Windows
servers will use NTLMv2 (or kerberos). When using Cisco ACS 3.x as a
Radius server this will not work since Cisco does currently in version
3.x only support NTLMv1. So now I am trying to find out if Radiator
supports NTLMv2 or Kerberos for this purpose. In dec 2004 Radiator does
(apparently) not support NTLMv2:
http://www.open.com.au/archives/radiator/2004-12/msg00009.html
Because of security issues of the weak NTLMv1 there has been decided
that this should not be used.

So, does Radiator currently supports NTLMv2 or Kerberos for this
purpose? (authenticating wireless winxp clients to an MS AD).

Best regards,

Leo





----- Oorspronkelijk bericht -----
Van: Mike McCauley <mikem at open.com.au>
Datum: dinsdag, juli 12, 2005 11:52 pm
Onderwerp: Re: (RADIATOR) ntlmv2 and Kerberos support in radiator

> Hello Leo,
> 
> It turns pout that this is a Windows internal issue, bot under the 
> control of 
> the LSA API.
> 
> This link may be helpful:
> http://www.its.caltech.edu/win/ntlmv2.html
> 
> Cheers.
> 
> 
> On Tuesday 12 July 2005 22:38, 191snitch at planet.nl wrote:
> > Hi,
> >
> > Currently I am looking for a good Secure ACS replacement because 
> of the
> > lack for ntlmv2 support/appropriate Kerberos support in it (in 
> version> 3.x). We already do use Radiator in our organization so it 
> would be a
> > logical choice to swap to Radiator.
> > (necessary for a Microsoft server AD environment + PEAP/MS-CHAPv2
> > authentication; later EAP-TLS).
> >
> > I have checked the site for NTLMv2 support in Radiator but 
> couldnt' find
> > anything except for this:
> > http://www.open.com.au/archives/radiator/2004-12/msg00009.html
> >
> > My question is: does Radiator currently support ntlmv2 and/or 
> Kerberos> support in an Microsoft Active Directory environment. If 
> Radiator does
> > not support NTLMv2 at the moment, when will that happen?
> >
> > Thanks in advance,
> > Leo
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> 
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, 
> WWW9 Bulbul Place Currumbin Waters QLD 4223 Australia   
> http://www.open.com.auPhone +61 7 5598-7474                       
> Fax   +61 7 5598-7070
> 
> Radiator: the most portable, flexible and configurable RADIUS 
> server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, 
> Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, 
> TLS, 
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list