dot1x with samba workstation accounts

Jens Weibler jens.weibler at
Wed Jun 16 18:40:06 CEST 2010


I'm trying to authenticate my windows boxes with dot1x against
freeradius. Everything is working fine if I'm using a normal user.

But I want to use the samba workstation accounts from ldap. The problem:
mschap blocks accounts which have only the W-sambaAcctFlag set:

> info: [mschap] SMB-Account-Ctrl says that the account is disabled, or
> is not a normal account.

Shouldn't it be possible to use workstation accounts? My temporary
solution is to exclude querying sambaAcctFlag. No real solution if you
want to lock out really expired or disabled accounts :(

Jens Weibler

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6022 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Freeradius-Users mailing list