Rick,

 

Thanks for the info, I will look into it ASAP.

 

Brent

 

-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 9:30 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] - reverse encryption of ad passwords

 

Brent,

 

I can't even imagine why your Network Engineer would think that you need to enable Reverse Encryption for SBR to work. Your first question should be "Do you REALLY know what you're doing?" SBR does NOT require this setting - at least the current version(s), including the past couple of years. I've implemented SBR and know this isn't necessary.

 

How/what is this being implemented for? PKI is available, as is EAP-TLS (specifically for the WiFi environment).

 

SBR communicates with AD via the services that are installed.  Look here for a bit more information on install, but you are 100% correct for resisting Reverse Encryption.  RE is bad - very bad.

 

http://www.funk.com/subsections/sbrtechnotes.asp

 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wilhelm, Brent
Sent: Tuesday, August 26, 2003 6:02 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] - reverse encryption of ad passwords

 

 

Hey everybody,

Our network engineer is pushing us to turn on reverse encryption at the root level so that he can stand up a third-party RADIUS server against it.

Everything that my guys (server guys) have found says not to do it unless you absolutely have to because it stores them in clear text.

 

Link:

http://msdn.microsoft.com/library/default.asp?url=

 

So… of course we don’t want to flip the switch.

Does anyone know anything else about reverse encryption that might be of interest?

Does anyone know any other ways to allow a third party (Steel Belted Radius) to talk with the AD?

 

Thanks - Brent
