quick question, should machine authentication work if I follow the howto on a base system or will I need to add attr_rewrite's as suggested in the novell howto.
On 7/6/07, Jacob Jarick <[EMAIL PROTECTED]> wrote: > config on client follows exactly what the howto reccomends with the 1 > change of checking "authenticate as computer when computer information > is available". Which as you can see does attempt to auth. > > The cert options are set as in this picture: > http://wiki.freeradius.org/Image:100000000000017F000001D2C7856F9F.png > > I just reread this section here on the howto "Certificate validation > is strongly recommended for wireless configurations, and optional for > wired deployments. > > Select « Validate server certificate » and check ONLY the CA for your > FreeRADIUS server (the one you installed above). Also select « Connect > to these servers » and enter the Common Name of the server > certificate. > > If you are configuring a wired ethernet interface, you can leave > certificate verification off in your supplicants: just deselect « > Validate server certificate ». > > Either way, select « EAP-MSCHAP v2 » as authentication method. Click > the « Configure » button next." > > So I will enable cert validation retry and post back. > > Cheers for the info /tip :) > > On 7/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi, > > > > > This url here looks like what I need > > > http://support.novell.com/docs/Tids/Solutions/10100693.html but their > > > instructions are pretty lousy "For machine-based authentication or > > > user based authentication, modify the RADIUSD.CONF file by adding the > > > following lines:" doesnt say where or what section to add said lines > > > to and we all know how touchy the radiusd.conf file is. > > > > those parts can go pretty much anywhere in the main config file - eg > > stick them at the end of the file. > > > > from what I can see of the log the NTLM is working fine - the NTKEY > > reply matched and its all okay. which leaves me to assume that a > > config on the client isnt correct - is the machine configured to validate > > the RADIUS server and does it have the correct 'tick' for the certificate > > and host name for the server to validate? > > > > alan > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
