ldap machine account auth tutorial
Phil Mayers
p.mayers at imperial.ac.uk
Mon Feb 1 15:06:23 CET 2010
On 01/02/10 12:46, cd wrote:
> hello
> I'm looking for a tutorial to authenticate XP machine accounts (ldap backend) on boot with freeradius
>
>
> here is a computer LDAP entry
> dn: uid=pc-42ee2079$,ou=computer,ou=ressources,ou=test,o=coin,c=fr
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: sambaSamAccount
> cn: pc-42ee2079$
> uid: pc-42ee2079$
> uidNumber: 10006
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: account
> sambaSID: S-1-5-21-902432509-630223792-3260868441-1000
> displayName: pc-42EE2079$
> sambaAcctFlags: [W ]
> sambaNTPassword: 2A8BBB29BEF5F91B02AF687290ADB4F7
> sambaPwdLastSet: 1262772595
>
>
>
> should I put in ldap.attr
> checkItem Cleartext-Password sambaNTPassword
The required config is:
checkItem NT-Password sambaNtPassword
...and should already be in the ldap.attrmap
One thing to be aware of - the username as supplied in 802.1x will be:
host/hostname.domain.com
...and this needs to be re-written to:
hostname$
...the "mschap" module will do this for you; you need to ensure that
you're using:
%{mschap:User-Name}
...in your LDAP filters.
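
The rewrite described in the reply above, as an added example that is not part of the original post and not FreeRADIUS code: it approximates the host/ to hostname$ mapping and escapes the result before it goes into an LDAP filter on the uid attribute used in the entry above. The function names and the example.org identities are constructed for illustration, and passing non-host/ identities through unchanged is an assumption.

```python
# Added illustration (not FreeRADIUS source): approximates the
# host/hostname.domain.com -> hostname$ rewrite and builds an escaped
# LDAP search filter from the result.

# Characters that RFC 4515 requires to be escaped in a filter value.
_LDAP_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def machine_account_name(user_name: str) -> str:
    """Map an 802.1X identity to the account name stored in the directory."""
    if user_name.startswith("host/"):
        # Keep only the first label of the host name, then append '$'.
        host = user_name[len("host/"):].split(".", 1)[0]
        if not host:
            raise ValueError("empty host name in identity")
        return host + "$"
    # Assumption: identities without the host/ prefix are left unchanged.
    return user_name


def ldap_escape(value: str) -> str:
    """Escape a value so it cannot alter the structure of the filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def ldap_filter(user_name: str, attr: str = "uid") -> str:
    """Build the search filter for the (rewritten) account name."""
    return "(%s=%s)" % (attr, ldap_escape(machine_account_name(user_name)))


if __name__ == "__main__":
    # Constructed sample identities, not taken from a real network.
    for ident in ("host/pc-42ee2079.example.org", "host/pc-42ee2079",
                  "host/pc*.example.org", "alice"):
        print("%-32s -> %s" % (ident, ldap_filter(ident)))
```
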