Re: Machine account authentication progress?
Hi,
> I followed the wiki howto,
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO,
> and it works great for user authentication, but does nothing for mchine
> authentication. Is there something extra I have o configure for machine
> access? Like the ntlm_auth line?
basic steps
1) generate correct certs. configure eap.conf
2) bind system into the AD (needs config of samba, winbind and 'net ads join' commands
as per docs all over the web
3) change permissions in winbindd_priviledged directory or ntlm_auth wont work
(you'll get debug logs saying winbind_auth_crap permissions not correct etc)
4) enable the ntlm_auth line - ensuring its correct for your application/usage
5) spend time massaging the Stripped-Username or Username to ensure that you
only pass the machine over to the AD during ntlm_auth - check the mailing list
history for such useful methods
alan
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.