PEAP against Samba PDC through auth_ntlm

Phil Mayers p.mayers at imperial.ac.uk
Fri May 19 19:10:43 CEST 2006


Jérémy Cluzel wrote:
> Well, I search for "PEAP Machine Authentication", and I only found some 
> of my posts concerning how to make machine auth working against a 
> windows AD... nothing concerning a samba acting as PDC...
> As I said, PEAP auth (both machine and user) work against an AD, the 
> problem only concerns the samba PDC.



> I found some posts where logins like "host\mahine_name" seem to be 
> converted as "machine_name$" (like 
> http://lists.freeradius.org/pipermail/freeradius-users/2006-March/051487.html), 
> but none explains how to do this: hints file ? proxy.conf ? realms ? 
> ntdomain_hack ?

CVS and 1.1.0+ versions of FreeRadius do this host\foo -> foo$ 
conversion for you inside the rlm_mschap module. Earlier versions will 
need a hints file entry, something like:

DEFAULT	 User-Name =~ "^host\\\\(.*)"
	User-Name = `$1$`



More information about the Freeradius-Users mailing list