active directory host authentication
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Apr 18 19:56:15 CEST 2007
Hi,
> xp machine sends its machine auth to radius it sends
> host/machinename.activedirectorydomain.domain.domain. so freeradius
> takes the activedirectorydomain part of that and assumes that the
> domain's actual name (what you use for authentication) in our
> case....blame the windows people, that is NOT the case. example
> computer.ad.clarku.edu is the dns name...however that computer is
> actually joined to the CLARKU domain..so the authentication needs to be
> against the CLARKU domain as the AD domain doesn't exist. does that
> make sense? any ideas?
well, you can use regexp/attr_filter to look for these systems
and then just chop off the activedirectorydomain.domain.domain. part
thus allowing the AD REALM to be forced by yourselves.
alan
More information about the Freeradius-Users
mailing list