PEAP Machine Auth without NTLM or LDAP

Phil Mayers p.mayers at imperial.ac.uk
Fri Jan 27 23:31:45 CET 2006


Jérémy Cluzel wrote:
> Hello,
> 
> I want to do machine auth with PEAP for my laptop before windows logon.
> I managed to do it with "ntlm_auth" before, but this time, I've another 
> problem, there is no PDC.

If there is no PDC, there's no domain, so there *is* no machine account.

You could use a machine certificate and EAP-TLS, but limitations of the 
winxp built in supplicant mean you'd have to also use EAP-TLS for the 
users as well.

> So, is it possible to use the "users" file instead like this:
> "computer_name" User-Password == ""
> 
> (As far as I remember it was impossible...)

It is, because there is only a machine account if there is a domain (in 
which case there is a PDC)

> 
> Any suggestions ?
> 
> Regards,
> 
> Jeremy Cluzel
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list