802.1x machine authentication patch help

Phil Mayers p.mayers at imperial.ac.uk
Mon Oct 1 13:52:56 CEST 2007

On Mon, 2007-10-01 at 10:41 +0100, Marco Casulli wrote:
> Touchy! :-)

Read this list for a while, then you'll see why people get irate when
their advice isn't followed ;o)

> I was only asking as I am not an expert on this subject and wanted to
> understand why Samba came in the loop?

In a domain environment, FreeRadius authenticates mschap by a callout to
the Samba "ntlm_auth" program; this in turn makes an RPC call to the
domain controller. In older versions of samba, the RPC call lacks the
flag to say "machine accounts are acceptable here", so they fail

In later versions, the flag is present.

More information about the Freeradius-Users mailing list