RE: [ActiveDir] - reverse encryption of ad passwords

[Roger Seielstad]

Title: Message

Well, Win2k and later include the Internet Authentication Service, which IS RADIUS for Windows using AD as the database. I believe RADIUS servers can be chained (a la LDAP referrals) as well.     -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: Wilhelm, Brent [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 7:02 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] - reverse encryption of ad passwords     Hey everybody,                           Our network engineer is pushing us to turn on reverse encryption at the root level so that he can stand up a third party radius server against it.             Everything that my guys (server guys) have found says not to do it unless you absolutely have to because it stores them in clear text.   Link: http://msdn.microsoft.com/library/default.asp?url="">               So...  of course we don't want to flip the switch.               Does anyone know anything else about reverse encryption that might be of interest?             Does anyone know anything other ways to allow a third party (Steel Belted Radius) to talk with the AD?   Thanks - Brent