Windows Pre-Login Auth

Lovaas,Steven Steven.Lovaas at ColoState.EDU
Fri Sep 9 16:39:58 CEST 2011


As a matter of fact, this very setup saved my bacon this week. I had to get into an older Windows7 laptop, and while my domain account was a member of the admins group, I hadn't logged on since before my most recent password change (so it had my old password cached). AND the wired settings were unknown and didn't work on any LAN I tried.

So I fired up 802.11i wireless... and the pre-Windows logon text box was added to my login screen, allowing me to authenticate to FreeRADUIS (Samba/ntlm-auth) and get on the network so my machine could talk to a DC and update to use my current password.

FreeRADIUS saves the day :)

Steve



-----Original Message-----
From: freeradius-users-bounces+steven.lovaas=colostate.edu at lists.freeradius.org [mailto:freeradius-users-bounces+steven.lovaas=colostate.edu at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Friday, September 09, 2011 8:21 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: Windows Pre-Login Auth

On 09/09/2011 03:00 PM, Scott Hughes wrote:
> Hello all,
>
> I have been using FreeRadius for several years now and am stuck trying
> to make our Windows based wireless system authenticate PRIOR to user login.
>
> I have searched the FreeRadius and Deploying FreeRadius sites as well as
> Google, but no luck. Here is a brief over-view of my FreeRadius setup:
>
> 1) Clients: Windows XP & Windows 7 (Professional in both cases - NO VISTA!)
>
> 2) Currently running FreeRadius version 2.0.5
>
> 3) Currently authenticating users via TLS/PEAP with computer name/username
>

I'm not sure what you're asking here.

Pre-login auth is entirely client side. As long as FreeRADIUS can 
authenticate the users, it'll just work. Have you tried it?

I assume you are using Samba/ntlm_auth to verify the PEAP/MSCHAP against 
your domain?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list