Windows-Domain login without local users

King, Michael MKing at bridgew.edu
Mon Nov 6 16:06:31 CET 2006


I'm Interpreting your question a little....

Please correct the question if I've got it wrong.

You want to user's to be able to have network connectivity at the logon
prompt, so they're username/password is sent to the domain?

You need to use Machine Authentication. (AKA computer account
authentication)  This only works with:
1.  Computers that are joined to the domain
2.  FreeRADIUS is fairly recent 
3.  Samba is fairly Recent (I think you need 3.0.21b or above)
4.  Client is configured to use Computer account when available. (This
is a supplicant config setting) 

> -----Original Message-----
> From: 
> freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.or
> g 
> [mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freer
> adius.org] On Behalf Of Michael Messner
> Sent: Monday, November 06, 2006 9:37 AM
> To: freeradius-users at lists.freeradius.org
> Subject: Windows-Domain login without local users
> 
> hey freeRADIUS users,
> 
> PEAP auth. works now with *X and MS-clients, the backend is a 
> freeradius server on centOS with active directory connection.
> Now, the user needs a local account to login to the 
> clientmachine and then he is able to start the PEAP 
> authentication process.
> 
> A local login for every user is a big overhead! What is the 
> normal way to handle this?
> 
> 
> thanks
> ca mIke
> 
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 




More information about the Freeradius-Users mailing list