active directory host authentication

Joe Vieira
Wed Apr 18 18:05:39 CEST 2007

    Using freeradius 1.1.5, samba 3.0.24... I have an interesting problem,
and was curious what methods other people would take to solve it.

    I am setting up RADIUS for our new WPA2 wireless network, which
means that Windows machine auth should work so that people can LOGIN to
their laptops.  I have it working (with a slight hack).  When a Windows
XP machine sends its machine auth to RADIUS it sends
host/machinename.activedirectorydomain.domain.domain.  So freeradius
takes the activedirectorydomain part of that and assumes that is the
domain's actual name (what you use for authentication).  In our
case... blame the Windows people, that is NOT the case.  example is the DNS name... however that computer is
actually joined to the CLARKU the authentication needs to be
against the CLARKU domain as the AD domain doesn't exist.  Does that
make sense?  Any ideas?

The hack I have in place is a hardcoded domain of CLARKU in the
NTLM_AUTH check (this can't stay as we have multiple domains).

Thanks in advance for any insight.
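
Added illustration, not part of the original post and not FreeRADIUS code: a Python sketch of the mismatch described above, comparing the first-label guess with an explicit DNS-to-NetBIOS mapping that supports several domains and rejects unknown ones instead of falling back to a hardcoded default. The DNS names, the LABDOM and RSRCH domains and all function names are constructed assumptions; only CLARKU comes from the post.

```python
# Constructed sample mapping: DNS domain suffix -> NetBIOS domain name.
DNS_TO_NETBIOS = {
    "ad.example.edu": "CLARKU",            # DNS label "ad" is not the NetBIOS name
    "lab.example.edu": "LABDOM",           # hypothetical second domain
    "research.lab.example.edu": "RSRCH",   # hypothetical child domain
}


class UnknownDomain(Exception):
    """Raised when no mapping exists; the caller should reject the request."""


def parse_host_identity(user_name):
    """Split 'host/machine.dns.domain' into (machine, dns_domain), lower-cased."""
    prefix = "host/"
    if not user_name.lower().startswith(prefix):
        raise ValueError("not a machine identity: %r" % user_name)
    fqdn = user_name[len(prefix):].strip(".").lower()
    machine, sep, dns_domain = fqdn.partition(".")
    if not machine or not sep or not dns_domain:
        raise ValueError("machine identity has no DNS domain: %r" % user_name)
    return machine, dns_domain


def naive_domain(user_name):
    """The failing assumption: first DNS label after the machine name."""
    _, dns_domain = parse_host_identity(user_name)
    return dns_domain.split(".")[0].upper()


def resolve_domain(user_name, table=DNS_TO_NETBIOS):
    """Return (netbios_domain, machine_account) using the explicit mapping."""
    machine, dns_domain = parse_host_identity(user_name)
    labels = dns_domain.split(".")
    # Try the longest suffix first so a child domain wins over its parent.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            # AD machine accounts are named after the host with a trailing '$'.
            return table[candidate], machine.upper() + "$"
    raise UnknownDomain(dns_domain)


if __name__ == "__main__":
    ident = "host/laptop01.ad.example.edu"   # constructed identity
    print("naive guess :", naive_domain(ident))
    print("mapped      :", resolve_domain(ident))
```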


