Machine-Authentication against SaMBa account in LDAP Directory
Christian Hohmann
Christian-Hohmann at web.de
Tue May 8 16:13:33 CEST 2007
Hi members,
I have a problem with the name of hosts. Here is the situation:
I have an LDAP Directory which is filled by samba-Deamon, for example with hosts that are added to my domain. Samba signs every host-account with a "$" at the end. If my laptop would be named christian, the entry created by SaMBa in LDAP is "christian$"
Now I configured host authentication of windows Machines with freeradius. Windows machines are configured to answer with their host account and password. The windows machine christian answeres with the string "host/christian" als Username. I configured realm with proxy to cut away host/. So the current Username is "christian".
The username in LDAP is "christian$" and so I added a $ sign in the following line of the radiusd.conf
Change the line from : filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
to: filter = "(uid=%{Stripped-User-Name:-%{User-Name}}$)"
This adds a $ sign to every User ID at the end. I can do authentication for all Hosts authenticate with their host account.
The problem is, that I have no possibility to authenticate with a username that has no $ as last character. This is the case for all users exept host accounts.
Do you have a hint for me, how I could add the $ sign at the end of hostnames, but not for "normal users"?
Best regards
Christian
_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
More information about the Freeradius-Users
mailing list