Machine account authentication progress?
Peter Savage
petesavage at ubuntu.com
Thu May 17 14:15:12 CEST 2007
On 17/05/07, Alan DeKok <aland at deployingradius.com> wrote:
>
> Peter Savage wrote:
> > Has anything happened in this area, to allow machine authentication
> > against AD?
>
> It works. It's worked for a long time. See the ChangeLog for 1.1.0,
> released over a year ago.
>
> > From reading the mailing list I believe it was a problem
> > with ntlm_auth, is this any closer to getting fixed, if not, how do
> > people work around it. We have laptops here that authenticate against
> > the domain if it's available, or locally if not. There is a logon
> > script if they are at the site. How best I work round this?
>
> I'm not sure what you mean.
Bsically we need to authenticate and be joined to the network, before a user
logs in. IAS does this with machine/computer domain based authentication.
So far as FreeRADIUS is concerned, "machine authentication" is just
> like doing user authentication. The machine uses 802.1x to get network
> access, and FreeRADIUS checks the credentials against Active Directory.
>
> This is *not* the same as the machine logging into the domain. It is
> completely different.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Pete Savage - cbx33::silentk
wiki.ubuntu.com/PeteSavage
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070517/1a834cd4/attachment.html>
More information about the Freeradius-Users
mailing list