Machine account authentication progress?

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu May 17 15:15:33 CEST 2007


Hi,

> I followed the wiki howto,
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO,
> and it works great for user authentication, but does nothing for machine
> authentication.  Is there something extra I have to configure for machine
> access?  Like the ntlm_auth line?

basic steps

1) generate correct certs. configure eap.conf
2) bind system into the AD (needs config of samba, winbind and 'net ads join' commands
as per docs all over the web)
3) change permissions in the winbindd_privileged directory or ntlm_auth won't work
(you'll get debug logs saying winbind_auth_crap permissions not correct etc)
4) enable the ntlm_auth line - ensuring it's correct for your application/usage
5) spend time massaging the Stripped-Username or Username to ensure that you
only pass the machine over to the AD during ntlm_auth - check the mailing list
history for such useful methods

alan
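
One way to do the username massaging from step 5, as an added example that is not part of the original post. It assumes Windows computer authentication presents the identity as host/<fqdn> and that the AD computer account is the short host name followed by $; it also covers the DOMAIN\user and user@realm forms. The function names and sample identities are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): turn a RADIUS User-Name into the
# account name to hand to ntlm_auth as its --username value.
# Assumption: computer authentication sends "host/<fqdn>" and the matching AD
# computer account is "<short host name>$".

# Succeeds only for a machine identity such as host/pc01.example.com.
is_machine_identity() {
    case $1 in
        host/?*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Prints the AD account name; returns 1 for empty or unexpected input so that
# odd identities are rejected instead of being passed on to ntlm_auth.
ad_account_name() {
    id=$1
    suffix=
    case $id in
        host/*) name=${id#host/}; name=${name%%.*}; suffix='$' ;;  # machine
        *\\*)   name=${id##*\\} ;;                                 # DOMAIN\user
        *@*)    name=${id%%@*} ;;                                  # user@realm
        *)      name=$id ;;
    esac
    case $name in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # allow-list of characters
    esac
    printf '%s%s\n' "$name" "$suffix"
}

# Constructed sample identities, for illustration only.
for sample in 'host/pc01.example.com' 'EXAMPLE\alice' 'bob@example.com' 'host/'; do
    if account=$(ad_account_name "$sample"); then
        printf '%s -> %s\n' "$sample" "$account"
    else
        printf '%s -> rejected\n' "$sample"
    fi
done
```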


