<div dir="ltr">Hi<div><br></div><div>Could it be you are in a AD environment - your request looks like to what I see in my environment.</div><div>If so: Domain-joined Windows machines (for what I have tested) have a computer account in AD.</div>
<div>This can be used by the Windows (never tested with domain-joined Macs or Linux machines)</div><div>client to authenticate as machine against the network (using PEAP-MSCHAPv2).</div><div>Technically you don't authenticate by hostnames but you use the computers' AD account.</div>
<div><br></div><div>Another way would be to use EAP-TLS with certificates on your machines.<br></div><div><br></div><div>If you implement the Samba/winbind way as described by <a href="http://deployingradius.com">deployingradius.com</a> you can in authenticate computer</div>
<div>accounts. - It required me to tweak the LDAP default config for group-based authorization, but In case this is what you </div><div>are looking for, ping back and I can show you LDAP filters i use.</div><div><br></div>
<div>If you are only into authentication, most likely the public pages will already let you in, but </div><div>(at least on Debian wheezy) I had tomodify modules/mschap as follows:</div><div><br></div><div><div>mschap {</div>
</div><div><br></div><div><div>...</div><div> with_ntdomain_hack = yes</div><div>...</div></div><div><div> # Debian</div><div> # ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"</div>
<div> # Mine (at least that made it work)</div><div> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"</div>
<div>...</div></div><div>}</div><div><br></div><div>-- Mathieu</div></div>