On 17/05/07, Alan DeKok <aland@deployingradius.com> wrote:
Peter Savage wrote:
> Has anything happened in this area, to allow machine authentication
> against AD?
It works. It's worked for a long time. See the ChangeLog for 1.1.0,
released over a year ago.
> From reading the mailing list I believe it was a problem
> with ntlm_auth, is this any closer to getting fixed, if not, how do
> people work around it. We have laptops here that authenticate against
> the domain if it's available, or locally if not. There is a logon
> script if they are at the site. How best I work round this?
I'm not sure what you mean.
Bsically we need to authenticate and be joined to the network, before a user logs in. IAS does this with machine/computer domain based authentication.
So far as FreeRADIUS is concerned, "machine authentication" is just
like doing user authentication. The machine uses 802.1x to get network
access, and FreeRADIUS checks the credentials against Active Directory.
This is *not* the same as the machine logging into the domain. It is
completely different.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/
- The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html