Brent,
I can't even imagine why your Network Engineer would think
that you need to enable Reverse Encryption for SBR to work. Your first
question should be 'Do you REALLY know what you're doing?" SBR does NOT
require this setting - at least the current version(s), including the past
couple of years. I've implemented SBR and know this isn't
necessary.
How/ what is this being implemented for? PKI is
available, as is EAP-TLS (specifically for the WiFi
environment).
SBR communicates with AD via the services that are
installed. Look here for a bit more information on install, but you
are 100% correct for resisting Reverse Encryption. RE is bad - very
bad.
Rick Kingslan MCSE, MCSA, MCT From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wilhelm, Brent Sent: Tuesday, August 26, 2003 6:02 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] - reverse encryption of ad passwords
Hey everybody,
Our network engineer is pushing us to turn on reverse encryption at the root level so that he can stand up a third party radius server against it. Everything that my guys (server guys) have found says not to do it unless you absolutely have to because it stores them in clear text.
Link: http://msdn.microsoft.com/library/default.asp?url="">
So… of course we don’t want to flip the switch.
Does anyone know anything else about reverse encryption that might be of interest? Does anyone know anything other ways to allow a third party (Steel Belted Radius) to talk with the AD?
Thanks - Brent |
- [ActiveDir] - reverse encryption of ad passwords Wilhelm, Brent
- Re: [ActiveDir] - reverse encryption of ad password... [EMAIL PROTECTED]
- RE: [ActiveDir] - reverse encryption of ad password... Rick Kingslan
- RE: [ActiveDir] - reverse encryption of ad password... Roger Seielstad
- RE: [ActiveDir] - reverse encryption of ad password... Michael B. Smith
- RE: [ActiveDir] - reverse encryption of ad password... Wilhelm, Brent