On Thu, Feb 09, 2017 at 09:23:10AM +, Paul Seward wrote:
> On 8 February 2017 at 23:58, Matthew Newton wrote:
> >
> > Presuming you just auth with a username and password (albeit not
> > supplied by the user) then I can't think why it wouldn't work. I
> > set WBC_MSV1_0_ALLOW_WORKSTATION_TRUST
On 8 February 2017 at 23:58, Matthew Newton wrote:
>
> > However, the latest winbind feature in FR3 does not
> > support machine auth.
>
> Are you doing machine auth with passwords? I assumed these days
> anyone doing machine auth would just be doing EAP-TLS...
>
> Presuming you just auth with a
On Wed, Feb 08, 2017 at 07:33:36PM +, Trinklein, Jason R wrote:
> We found that ntlm_auth is an order of magnitude slower than
> winbind.
Nice to know.
> However, the latest winbind feature in FR3 does not
> support machine auth.
Are you doing machine auth with passwords? I assumed these day
-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
We are using eduroam on our campus using FreeRADIUS 3. We will be sunsetting
our college-branded secure wireless network and shifting all users to the
ed
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>"
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
Is anybody else seeing Windows 10 prepending &quo
I agree with the others saying this sounds like host authentication rather
than user.
That said, we decided to explicitly allow host authentication locally
(whitelisted - we otherwise require a roaming-compatible outer identity
format). It allows our computers to connect while users are logged out
ved: Thursday, 02 Feb 2017, 7:41
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>]
Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RA
ISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>]
Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
We do not use Eduroam (too ex
Not EDUROAM, but in my environment the "username" from EAP-TLS gets pulled
as a configurable field from the certificate, so other than selecting
whether using the machine or user certificate on the client (user vs.
machine auth), nothing is prepended or modified. We use SAN-DNS as the
"username" fi
ary 02, 2017 8:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
Lee,
Let me give the official cost of eduroam:
The cost of eduroam in the US is 10 cents per student per year with a
mailto:WIRELESS-LAN@listserv.educause.edu>]
> Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
> username in RADIUS request?
>
> We do not use Eduroam (too expensive) but we use RADIUS EAP/PEAP MSCHAPv2 for
> both machine & user authentic
@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
We do not use Eduroam (too expensive) but we use RADIUS EAP/PEAP MSCHAPv2 for
both machine & user authentication.
I have
RELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
Let me ask our RADIUS folks about this tomorrow. I'll post whatever I find out.
, 2017 16:51
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
Let me ask our RADIUS folks about this tomorrow. I'll post whatever I find out.
==
-jcw
_
Sent: Wednesday, February 01, 2017 5:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
username in RADIUS request?
Is anybody else seeing Windows 10 prepending "host/" to eduroam usernames in
EAP/TLS auth?
15 matches
Mail list logo