Authenticate with machine account and without ntlm_auth
Rodrigo Antunes
rodrigoaantunes at yahoo.com.br
Mon Nov 18 13:26:11 UTC 2024
The machine is not domain joined.
I would like to authenticate it against the users file.
The problem is that I don't know how to obtain the machine account password or how to manually set it.
The only thing I have found are the nt hashes but I think I can't check them in users file.
Em quinta-feira, 14 de novembro de 2024 às 15:09:23 BRT, Alan DeKok <aland at deployingradius.com> escreveu:
On Nov 14, 2024, at 12:25 PM, Rodrigo Antunes via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Hi, I'd like to authenticate a PC using it's machine account and the mschap module, without calling ntlm_auth, is this possible?
It depends.
If all of the passwords are in Active Directory, then you have to use ntlm_auth.
> I noticed that the machine send its user as "host/machinename" but I don't know how to obtain and check its password.
You should be able to just check the machine credentials. Try it with ntlm_auth. It's a command-line tool that can be used on its own.
> Maybe I should check the nt-hashes in users file?
You will need the correct password, and then store that in the "users" file.
Alan DeKok.
More information about the Freeradius-Users
mailing list