-----Original Message----- From: freeradius-users-bounces+scott=renshawauto.net@lists.freeradius.org [mailto:freeradius-users-bounces+scott=renshawauto.net@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Friday, September 09, 2011 9:21 AM To: freeradius-users@lists.freeradius.org Subject: Re: Windows Pre-Login Auth On 09/09/2011 03:00 PM, Scott Hughes wrote:
Hello all,
I have been using FreeRadius for several years now and am stuck trying to make our Windows based wireless system authenticate PRIOR to user login.
I have searched the FreeRadius and Deploying FreeRadius sites as well as Google, but no luck. Here is a brief over-view of my FreeRadius setup:
1) Clients: Windows XP & Windows 7 (Professional in both cases - NO VISTA!)
2) Currently running FreeRadius version 2.0.5
3) Currently authenticating users via TLS/PEAP with computer name/username
I'm not sure what you're asking here. Pre-login auth is entirely client side. As long as FreeRADIUS can authenticate the users, it'll just work. Have you tried it? I assume you are using Samba/ntlm_auth to verify the PEAP/MSCHAP against your domain? - My apologies for not being clear. Please ignore the second part of my post. I simply wanted to be complete in my posting as to where I currently am (authenticating via the users file) and where I would like to go in case it is relevant (authenticating via Active Domain). I am attempting to authenticate the computer name using certificates prior to the user logging in. I have configured the certificates but I am still not able to login. I've tried client certificates for user name and several variations of the computer name, but again, it did not work. I am changing the common name in the client certificate which is what it seems to key off of. Thanks, Scott