Machine account authentication progress?
Peter Savage
petesavage at ubuntu.com
Thu May 17 15:29:20 CEST 2007
>
> 1) generate correct certs. configure eap.conf
> 2) bind system into the AD (needs config of samba, winbind and 'net ads
> join' commands
> as per docs all over the web
> 3) change permissions in winbindd_priviledged directory or ntlm_auth wont
> work
> (you'll get debug logs saying winbind_auth_crap permissions not correct
> etc)
> 4) enable the ntlm_auth line - ensuring its correct for your
> application/usage
>
> 5) spend time massaging the Stripped-Username or Username to ensure that
> you
> only pass the machine over to the AD during ntlm_auth - check the mailing
> list
> history for such useful methods
>
> I have done all these steps except number 5. Are you saying that we can
now get machine names to authenticate prior to the user actually logging
in? I can get it working fine after the user has logged in. It's just
getting the machine to join the wireless network before log in so that they
join the domain ok.
--
Pete Savage - cbx33::silentk
wiki.ubuntu.com/PeteSavage
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070517/95a7423c/attachment.html>
More information about the Freeradius-Users
mailing list