Machine-Authentication against SaMBa account in LDAP Directory

[Christian Hohmann]

Hi members,

I have a problem with the name of hosts. Here is the situation:
I have an LDAP Directory which is filled by samba-Deamon, for example with hosts that are added to my domain. Samba signs every host-account with a "$" at the end. If my laptop would be named christian, the entry created by SaMBa in LDAP is "christian$"

Now I configured host authentication of windows Machines with freeradius. Windows machines are configured to answer with their host account and password. The windows machine christian answeres with the string "host/christian" als Username. I configured realm with proxy to cut away host/. So the current Username is "christian".

The username in LDAP is "christian$" and so I added a $ sign in the following line of the radiusd.conf

Change the line from : filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
to:  filter = "(uid=%{Stripped-User-Name:-%{User-Name}}$)"

This adds a $ sign to every User ID at the end. I can do authentication for all Hosts authenticate with their host account. 

The problem is, that I have no possibility to authenticate with a username that has no $ as last character. This is the case for all users exept host accounts.

Do you have a hint for me, how I could add the $ sign at the end of hostnames, but not for "normal users"?

Best regards

Christian
_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192