Using machine auth from a remote eduroam site

Trinklein, Jason R trinkleinj at cofc.edu
Tue Mar 27 18:19:46 CEST 2018


When we first set up FR3 with winbind, we found that machine-based auth didn't work through winbind, but it did work through ntlm-auth. To solve this, we differentiate the mechanisms for each kind of authentication. In the mschap module, we have a second section called mschap_host in which ntlm-auth is called instead of winbind. I'm not sure if that's been fixed since we first set it up, but it may be worth a try for you.

        #  MSCHAP authentication.
        Auth-Type MS-CHAP {
                if (User-Name =~ /^host\//){
                        mschap_host
                }
                else{
                        mschap
                }
        }

________________________________
From: Freeradius-Users <freeradius-users-bounces+trinkleinj=cofc.edu at lists.freeradius.org> on behalf of Isaac Boukris <iboukris at gmail.com>
Sent: Tuesday, March 27, 2018 12:05:47 PM
To: Alex Sharaz
Cc: FreeRadius users mailing list
Subject: Re: Using machine auth from a remote eduroam site

On Tue, Mar 27, 2018 at 6:51 PM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> Well it's getting better,
> I now get
>
> Tue Mar 27 16:34:46 2018 : Auth: (24212) Login incorrect (Home Server
> says so):[host/dpslap001.its.york.ac.uk] (from client yorkcc port 178
> cli 80-86-F2-E0-7D-24)
> Tue Mar 27 16:34:46 2018 : Auth: (24212) Login incorrect:
> [host/dpslap001.its.york.ac.uk] (from client yorkcc port 178 cli
> 80-86-F2-E0-7D-24)


That's not necessarily better. Debugging winbind daemon could give
more insights.
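
The two mschap module instances that the Auth-Type MS-CHAP block in the reply above dispatches to could be defined as follows. This is an added example, not part of the original thread and not the poster's actual configuration; the ntlm_auth path and the exact option strings are assumptions based on the stock FreeRADIUS 3 mods-available/mschap file.

```conf
# mods-enabled/mschap (constructed example, not the poster's real file)

# Default instance: user accounts are checked through winbind directly.
mschap {
        winbind_username = "%{mschap:User-Name}"
        winbind_domain = "%{mschap:NT-Domain}"
}

# Second instance, referenced as "mschap_host" in the Auth-Type MS-CHAP
# section: machine accounts (User-Name beginning with "host/") are checked
# by running the ntlm_auth helper instead of the winbind client code.
mschap mschap_host {
        # %{mschap:User-Name} rewrites host/name.domain to the machine
        # account form (name$) before it is passed to ntlm_auth.
        # The path /usr/bin/ntlm_auth is an assumption; adjust it to
        # match the local Samba installation.
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```

Running the server with radiusd -X shows which of the two instances handled a given request.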