Windows Pre-Login Auth

[Scott Hughes]

-----Original Message-----
From: freeradius-users-bounces+scott=renshawauto.net at lists.freeradius.org
[mailto:freeradius-users-bounces+scott=renshawauto.net at lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: Friday, September 09, 2011 9:21 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: Windows Pre-Login Auth

On 09/09/2011 03:00 PM, Scott Hughes wrote:
> Hello all,
>
> I have been using FreeRadius for several years now and am stuck trying 
> to make our Windows based wireless system authenticate PRIOR to user
login.
>
> I have searched the FreeRadius and Deploying FreeRadius sites as well 
> as Google, but no luck. Here is a brief over-view of my FreeRadius setup:
>
> 1) Clients: Windows XP & Windows 7 (Professional in both cases - NO 
> VISTA!)
>
> 2) Currently running FreeRadius version 2.0.5
>
> 3) Currently authenticating users via TLS/PEAP with computer 
> name/username
>

I'm not sure what you're asking here.

Pre-login auth is entirely client side. As long as FreeRADIUS can
authenticate the users, it'll just work. Have you tried it?

I assume you are using Samba/ntlm_auth to verify the PEAP/MSCHAP against
your domain?
-

My apologies for not being clear. Please ignore the second part of my post.
I simply wanted to be complete in my posting as to where I currently am
(authenticating via the users file) and where I would like to go in case it
is relevant (authenticating via Active Domain).

I am attempting to authenticate the computer name using certificates prior
to the user logging in. I have configured the certificates but I am still
not able to login. I've tried client certificates for user name and several
variations of the computer name, but again, it did not work. I am changing
the common name in the client certificate which is what it seems to key off
of.

Thanks,
Scott