Reset Search
 

 

Article

Is NAC Capable of doing NTLM v2?

« Go Back

Information

 
TitleIs NAC Capable of doing NTLM v2?
Question
Is NAC Capable of doing NTLM v2?
Environment
Extreme Access Control
Answer
Extreme Access Control is capable of doing NTLMv2, however MsCHAPv2 authentication requires NTLMv1 in order to hash the password correctly. 

Per the Extreme EAC help files:

These protocols do not work if the active directory domain server is set to only allow NTLMv2 authentication because these protocols do not use NTLMv2 and the hash passed to NAC Manager is rejected by the active directory server. Allowing only NTLMv2 authentication only works if NAC Manager proxies the 802.1x request to Microsoft IAS/NPS. Microsoft IAS/NPS allows this lower level of authentication because it is in a TLS session, which Microsoft believes makes it as secure as NTLMv2

As of 8.1.3 and 8.2.3 Extreme Control Engines now support AD environments that have lanman security level set to "NTLMV2" only. 
The Extreme Control Appliance will flag itself as a server that requires NTLMv1, the protocol used will still be NTLMv1, but Microsoft will allow the communication even though "NTLMv2 Only" is set.
Additional notes
Additional Reference: https://technet.microsoft.com/en-us/library/cc772468.aspx

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255