Machine-Authentication against SaMBa account in LDAP Directory

[Joe Vieira]

in my experience, i have seen the hosts PASS their name as 
host/HOST$.domain.domain.domain  what version of samba are you using?

Christian Hohmann wrote:
> Hi members,
>
> I have a problem with the name of hosts. Here is the situation:
> I have an LDAP Directory which is filled by samba-Deamon, for example with hosts that are added to my domain. Samba signs every host-account with a "$" at the end. If my laptop would be named christian, the entry created by SaMBa in LDAP is "christian$"
>
> Now I configured host authentication of windows Machines with freeradius. Windows machines are configured to answer with their host account and password. The windows machine christian answeres with the string "host/christian" als Username. I configured realm with proxy to cut away host/. So the current Username is "christian".
>
> The username in LDAP is "christian$" and so I added a $ sign in the following line of the radiusd.conf
>
> Change the line from : filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> to:  filter = "(uid=%{Stripped-User-Name:-%{User-Name}}$)"
>
> This adds a $ sign to every User ID at the end. I can do authentication for all Hosts authenticate with their host account. 
>
> The problem is, that I have no possibility to authenticate with a username that has no $ as last character. This is the case for all users exept host accounts.
>
> Do you have a hint for me, how I could add the $ sign at the end of hostnames, but not for "normal users"?
>
> Best regards
>
> Christian
> _______________________________________________________________
> SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
> kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
>
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>