ldap machine account auth tutorial

Phil Mayers p.mayers at imperial.ac.uk
Mon Feb 1 15:06:23 CET 2010


On 01/02/10 12:46, cd wrote:
> hello
> I'm looking for a tutorial to authenticate XP machine accounts (ldap backend) on boot with freeradius
>
>
> here is a computer LDAP entry
> dn: uid=pc-42ee2079$,ou=computer,ou=ressources,ou=test,o=coin,c=fr
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: sambaSamAccount
> cn: pc-42ee2079$
> uid: pc-42ee2079$
> uidNumber: 10006
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: account
> sambaSID: S-1-5-21-902432509-630223792-3260868441-1000
> displayName: pc-42EE2079$
> sambaAcctFlags: [W ]
> sambaNTPassword: 2A8BBB29BEF5F91B02AF687290ADB4F7
> sambaPwdLastSet: 1262772595
>
>
>
> should I put in ldap.attr
> checkItem Cleartext-Password sambaNTPassword

The required config is:

checkItem       NT-Password                     sambaNtPassword

...and should already be in the ldap.attrmap

One thing to be aware of - the username as supplied in 802.1x will be:

host/hostname.domain.com

...and this needs to be re-written to:

hostname$

...the "mschap" module will do this for you; you need to ensure that 
you're using:

%{mschap:User-Name}

...in your LDAP filters.
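
The rewrite described in the reply above, as an added Python illustration (not part of the original message and not FreeRADIUS code). It models only the host/ case from the thread, uses constructed identities under example.test, and escapes the result per RFC 4515 because the identity is supplied by the client before any authentication has happened. The function names are hypothetical.

```python
"""Model of the 802.1X machine-identity rewrite (illustration only)."""

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def machine_account_name(user_name: str) -> str:
    """Map 'host/hostname.domain.com' to 'hostname$'.

    Assumption: identities without the 'host/' prefix are returned unchanged,
    since this sketch covers only the machine-account case from the thread.
    """
    prefix = "host/"
    if not user_name.startswith(prefix):
        return user_name
    short = user_name[len(prefix):].split(".", 1)[0]  # drop the DNS domain
    if not short:
        raise ValueError(f"no host name in identity {user_name!r}")
    return short + "$"


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def uid_filter(user_name: str) -> str:
    """Build the (uid=...) search filter for a supplied identity."""
    return "(uid=" + escape_filter_value(machine_account_name(user_name)) + ")"


def matches_entry(user_name: str, entry_uid: str) -> bool:
    """uid uses caseIgnoreMatch, so compare case-insensitively."""
    return machine_account_name(user_name).lower() == entry_uid.lower()


if __name__ == "__main__":
    identity = "host/PC-42EE2079.example.test"  # constructed sample identity
    print(uid_filter(identity))                     # filter sent to the directory
    print(matches_entry(identity, "pc-42ee2079$"))  # uid from the entry above
    print(uid_filter("host/*.example.test"))        # wildcard identity is neutralised
```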


