authenticate machine accounts with ntlm_auth
Alan DeKok
aland at ox.org
Fri Jul 29 19:17:00 CEST 2005
<martin.p.bradley at bt.com> wrote:
> I'm very frustrated now after spending a couple of weeks trying to get
> FreeRADIUS to authenticate my Win2k machine accounts against Active
> Directory. :-(
Sorry, blame Microsoft. It isn't possible, but they don't make it
obvious that it's not possible.
> Alan, do you know of any way to get this working? I have been assured
> that Funk can do this; have you any idea how Funk are doing it? Funk
> costs too much. Maybe I'm not allowed to ask such questions.
Funk does it by running the RADIUS server on the AD server. At that
point, they can use *internal* Windows APIs or hacks to get at the
data. Since FreeRADIUS is running externally, it can't use those
APIs, and thus won't work.
FreeRADIUS *will* run on XP. If someone were to write the necessary
code, you could run the server on XP, and do what Funk does.
Alan DeKok.