freeradius windows machine authentication
Marco Gaiarin
gaio at lilliput.linux.it
Mon Sep 4 13:58:29 UTC 2023
Mandi! Härtl, Calvin
In chel di` si favelave...
> Is FreeRADIUS natively capable of doing machine authentication via AD, do I have to configure some additional files or are there any modules that I can install to do this for me?
Sure! I'm using it against an Samba AD domain,but i think it is exactly the
same.
I've not done some strange configuration, the same plain configuration that
work for user work also for computers; currently i use:
winbind_username = "%{mschap:%{User-Name}:-None}"
winbind_domain = "LNFFVG"
But NOTE that, clearly, if you have setup LDAP filters:
1) your LDAP 'base_dn' HAVE TO contain also machine account OU.
2) if you have setup group filters, filters HAVE TO match also computer
account.
On windows client side, i set explicitly in advanced options only the
'computer account' auth.
--
Does anybody here remember Vera Lynn?
(Pink Floyd)
More information about the Freeradius-Users
mailing list