RE: Windows-Domain login without local users
-Original Message- machine authentication was the keyword I've searched ... thanks a lot somebody knows a good howto for this? thanks mIke To be honest, if you enable use computer account when available in the Windows Zero Config Client, it should just work. If it doesn't work: What Version of FreeRADIUS? What Version of Samba? What Supplicant are you using (XP SP2, Meetinghouse, Funk)? You have configured ntlm_auth, and it works? The computer is joined to the domain? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows-Domain login without local users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hey Michael, King, Michael schrieb: I'm Interpreting your question a little Please correct the question if I've got it wrong. You want to user's to be able to have network connectivity at the logon prompt, so they're username/password is sent to the domain? You need to use Machine Authentication. (AKA computer account authentication) This only works with: machine authentication was the keyword I've searched ... thanks a lot somebody knows a good howto for this? thanks mIke -Original Message- From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Michael Messner Sent: Monday, November 06, 2006 9:37 AM To: freeradius-users@lists.freeradius.org Subject: Windows-Domain login without local users hey freeRADIUS users, PEAP auth. works now with *X and MS-clients, the backend is a freeradius server on centOS with active directory connection. Now, the user needs a local account to login to the clientmachine and then he is able to start the PEAP authentication process. A local login for every user is a big overhead! What is the normal way to handle this? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFUMNgyUY4xkIcFVQRAsF3AJ99+H4Vp7GlgM4S+2QcLU83+KAHjwCbBn6l tSlImPmZwmz9dYUBz7xE3/U= =Mey6 -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Windows-Domain login without local users
I'm Interpreting your question a little Please correct the question if I've got it wrong. You want to user's to be able to have network connectivity at the logon prompt, so they're username/password is sent to the domain? You need to use Machine Authentication. (AKA computer account authentication) This only works with: 1. Computers that are joined to the domain 2. FreeRADIUS is fairly recent 3. Samba is fairly Recent (I think you need 3.0.21b or above) 4. Client is configured to use Computer account when available. (This is a supplicant config setting) -Original Message- From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Michael Messner Sent: Monday, November 06, 2006 9:37 AM To: freeradius-users@lists.freeradius.org Subject: Windows-Domain login without local users hey freeRADIUS users, PEAP auth. works now with *X and MS-clients, the backend is a freeradius server on centOS with active directory connection. Now, the user needs a local account to login to the clientmachine and then he is able to start the PEAP authentication process. A local login for every user is a big overhead! What is the normal way to handle this? thanks ca mIke - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html