Jacob Dawson wrote: > That's the case here. Our AD servers are set to only accept NTLMv2, and they > won't budge from that. The workaround for us is to proxy the inner tunnel on > domain user authentications to IAS and let it handle talking to AD over > NTLMv2. There's a registry hack involved, and it either lets them cheat and > speak NTLMv1, or it somehow lets them have a v2 conversation; I've never been > clear on which it is. > > Full disclosure, I haven't been able to get this proxy-inner-tunnel stuff to > fly consistently under 2.1.11.
It really should work... it works for my tests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
