Using machine auth from a remote eduroam site
Alex Sharaz
alex.sharaz at york.ac.uk
Tue Mar 27 18:36:53 CEST 2018
Thanks for that Jason, I do something similar to differentiate between UoY and HYMS, I’ll try it out
Rgds
A
Sent from my iPhone
> On 27 Mar 2018, at 17:19, Trinklein, Jason R <trinkleinj at cofc.edu> wrote:
>
> When we first set up FR3 with winbind, we found that machine based auth didn't work through winbind, but it did work through ntlm-auth. To solve this, we differentiate the mechanisms for each kind of authentication. In the mschap module, we have a second section called mschap_host in which ntlm-auth is called instead of winbind. I'm not sure if that's been fixed since we first set it up, but it may be worth a try for you.
>
> # MSCHAP authentication.
> Auth-Type MS-CHAP {
> if (User-Name =~ /^host\//){
> mschap_host
> }
> else{
> mschap
> }
> }
> From: Freeradius-Users <freeradius-users-bounces+trinkleinj=cofc.edu at lists.freeradius.org> on behalf of Isaac Boukris <iboukris at gmail.com>
> Sent: Tuesday, March 27, 2018 12:05:47 PM
> To: Alex Sharaz
> Cc: FreeRadius users mailing list
> Subject: Re: Using machine auth from a remote eduroam site
>
> On Tue, Mar 27, 2018 at 6:51 PM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> > Well its getting better,
> > I now get
> >
> > Tue Mar 27 16:34:46 2018 : Auth: (24212) Login incorrect (Home Server
> > says so):[host/dpslap001.its.york.ac.uk] (from client yorkcc port 178
> > cli 80-86-F2-E0-7D-24)
> > Tue Mar 27 16:34:46 2018 : Auth: (24212) Login incorrect:
> > [host/dpslap001.its.york.ac.uk] (from client yorkcc port 178 cli
> > 80-86-F2-E0-7D-24)
>
>
> That's not necessarily better. Debugging winbind daemon could give
> more insights.
> -
> List info/subscribe/unsubscribe? See https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7Ca022c7e9bdd34ac7d14108d593fca3bb%7Ce285d438dbba4a4c941c593ba422deac%7C0%7C0%7C636577635641971699&sdata=FTqCf3KRmL2XOOV%2BMtjNVrptSI77cAwmNMBS0OWz%2Bo0%3D&reserved=0
More information about the Freeradius-Users
mailing list