Machine account authentication progress?

Peter Savage petesavage at ubuntu.com
Thu May 17 14:15:12 CEST 2007


On 17/05/07, Alan DeKok <aland at deployingradius.com> wrote:
>
> Peter Savage wrote:
> > Has anything happened in this area, to allow machine authentication
> > against AD?
>
>   It works.  It's worked for a long time.  See the ChangeLog for 1.1.0,
> released over a year ago.
>
> >  From reading the mailing list I believe it was a problem
> > with ntlm_auth, is this any closer to getting fixed, if not, how do
> > people work around it.  We have laptops here that authenticate against
> > the domain if it's available, or locally if not.  There is a logon
> > script if they are at the site.  How best I work round this?
>
>   I'm not sure what you mean.


Bsically we need to authenticate and be joined to the network, before a user
logs in.  IAS does this with machine/computer domain based authentication.

  So far as FreeRADIUS is concerned, "machine authentication" is just
> like doing user authentication.  The machine uses 802.1x to get network
> access, and FreeRADIUS checks the credentials against Active Directory.
>
>   This is *not* the same as the machine logging into the domain.  It is
> completely different.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Pete Savage - cbx33::silentk
wiki.ubuntu.com/PeteSavage
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070517/1a834cd4/attachment.html>


More information about the Freeradius-Users mailing list