active directory host authentication
jvieira at clarku.edu
Wed Apr 18 18:05:39 CEST 2007
Using freeradius 1.1.5 samba 3.0.24...i have an interesting problem,
and was curious what methods other people would take to solve it.
I am setting up radius for our new wpa2 wireless network, which
means that windows machine auth should work so that people can LOGIN to
their laptops. i have it working (with a slight hack). when a windows
xp machine sends its machine auth to radius it sends
host/machinename.activedirectorydomain.domain.domain. so freeradius
takes the activedirectorydomain part of that and assumes that the
domain's actual name (what you use for authentication) in our
case....blame the windows people, that is NOT the case. example
computer.ad.clarku.edu is the dns name...however that computer is
actually joined to the CLARKU domain..so the authentication needs to be
against the CLARKU domain as the AD domain doesn't exist. does that
make sense? any ideas?
the hack i have in place is a hardcoded domain of CLARKU in the
NTLM_AUTH check(this can't stay as we have multiple domains).
thanks in advance for any insight.
More information about the Freeradius-Users