Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-09 Thread Matthew Newton
On Thu, Feb 09, 2017 at 09:23:10AM +, Paul Seward wrote:
> On 8 February 2017 at 23:58, Matthew Newton wrote:
> >
> > Presuming you just auth with a username and password (albeit not
> > supplied by the user) then I can't think why it wouldn't work. I
> > set WBC_MSV1_0_ALLOW_WORKSTATION_TRUST

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-09 Thread Paul Seward
On 8 February 2017 at 23:58, Matthew Newton wrote:
>
> > However, the latest winbind feature in FR3 does not
> > support machine auth.
>
> Are you doing machine auth with passwords? I assumed these days
> anyone doing machine auth would just be doing EAP-TLS...
>
> Presuming you just auth with a

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-08 Thread Matthew Newton
On Wed, Feb 08, 2017 at 07:33:36PM +, Trinklein, Jason R wrote:
> We found that ntlm_auth is an order of magnitude slower than
> winbind.
Nice to know.
> However, the latest winbind feature in FR3 does not
> support machine auth.
Are you doing machine auth with passwords? I assumed these day

RE: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-08 Thread Cappalli, Tim (Aruba)
-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? We are using eduroam on our campus using FreeRADIUS 3. We will be sunsetting our college-branded secure wireless network and shifting all users to the ed

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-08 Thread Trinklein, Jason R
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? Is anybody else seeing Windows 10 prepending "

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-03 Thread Jeremy Mooney
I agree with the others saying this sounds like host authentication rather than user. That said, we decided to explicitly allow host authentication locally (whitelisted - we otherwise require a roaming-compatible outer identity format). It allows our computers to connect while users are logged out

RE: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-03 Thread Friskney, Doyle
ved: Thursday, 02 Feb 2017, 7:41 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RA

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-03 Thread Davis, Kevin
ISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? We do not use Eduroam (too ex

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-02 Thread Toivo Voll
Not EDUROAM, but in my environment the "username" from EAP-TLS gets pulled as a configurable field from the certificate, so other than selecting whether using the machine or user certificate on the client (user vs. machine auth), nothing is prepended or modified. We use SAN-DNS as the "username" fi

RE: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-02 Thread Lee H Badman
ary 02, 2017 8:03 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? Lee, Let me give the official cost of eduroam: The cost of eduroam in the US is 10 cents per student per year with a

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-02 Thread Philippe Hanset
mailto:WIRELESS-LAN@listserv.educause.edu>]
> Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before
> username in RADIUS request?
>
> We do not use Eduroam (too expensive) but we use RADIUS EAP/PEAP MSCHAPv2 for
> both machine & user authentic

RE: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-02 Thread Lee H Badman
@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? We do not use Eduroam (too expensive) but we use RADIUS EAP/PEAP MSCHAPv2 for both machine & user authentication. I have

Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-01 Thread Slone, Kelly
RELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? Let me ask our RADIUS folks about this tomorrow. I'll post whatever I find out.

RE: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-01 Thread Cappalli, Tim (Aruba)
, 2017 16:51 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? Let me ask our RADIUS folks about this tomorrow. I'll post whatever I find out. == -jcw _

RE: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request?

2017-02-01 Thread Watters, John
Sent: Wednesday, February 01, 2017 5:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Windows 10 eduroam EAP/TLS adding "host/" before username in RADIUS request? Is anybody else seeing Windows 10 prepending "host/" to eduroam usernames in EAP/TLS auth?