> xp machine sends its machine auth to radius it sends 
> host/machinename.activedirectorydomain.domain.domain.  so freeradius 
> takes the activedirectorydomain part of that and assumes that the 
> domain's actual name (what you use for authentication)  in our 
> case....blame the windows people, that is NOT the case.  example 
> computer.ad.clarku.edu is the dns name...however that computer is 
> actually joined to the CLARKU domain..so the authentication needs to be 
> against the CLARKU domain as the AD domain doesn't exist.  does that 
> make sense?  any ideas?

well, you can use regexp/attr_filter to look for these systems
and then just chop off the activedirectorydomain.domain.domain. part
thus allowing the AD REALM to be forced by yourselves.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to