active directory host authentication

A.L.M.Buxey at A.L.M.Buxey at
Wed Apr 18 19:56:15 CEST 2007


> xp machine sends its machine auth to radius it sends 
> host/machinename.activedirectorydomain.domain.domain.  so freeradius 
> takes the activedirectorydomain part of that and assumes that the 
> domain's actual name (what you use for authentication)  in our 
> case....blame the windows people, that is NOT the case.  example 
> is the dns name...however that computer is 
> actually joined to the CLARKU the authentication needs to be 
> against the CLARKU domain as the AD domain doesn't exist.  does that 
> make sense?  any ideas?

well, you can use regexp/attr_filter to look for these systems
and then just chop off the activedirectorydomain.domain.domain. part
thus allowing the AD REALM to be forced by yourselves.


More information about the Freeradius-Users mailing list