Should I post the debug log here, or a pastebin, or...? --J
-----Original Message----- From: freeradius-users-bounces+mcnuttj=missouri.edu@lists.freeradius .org [mailto:freeradius-users-bounces+mcnuttj=missouri.edu@lists.fr eeradius.org] On Behalf Of Alan DeKok Sent: Sunday, February 27, 2011 1:51 PM To: FreeRadius users mailing list Subject: Re: New User and AD Question
McNutt, Justin M. wrote:
New member to the list, here. I have a question about AD computer-based authentication. Basically, how is it accomplished?
http://deployingradius.com/documents/configuration/active_dire ctory.html
It's pretty much the same as normal user authentication. PEAP goes in, authentication goes out, never a miscommunication. :)
The EAP functions for clients using EAP-TTLS and EAP-PEAP work just fine for all users in all domains (authenticated via ntlm_auth) EXCEPT for the "host\\computer.domain.name" users (the computer accounts). I'd like to make this work, partly because a large number of the failed login attempts in my logs are from hosts that are valid domain members.
So... what goes wrong?
Sooo... help? What's the basic idea behind making this work?
Post the debug log from a failed session.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html