Hi, > xp machine sends its machine auth to radius it sends > host/machinename.activedirectorydomain.domain.domain. so freeradius > takes the activedirectorydomain part of that and assumes that the > domain's actual name (what you use for authentication) in our > case....blame the windows people, that is NOT the case. example > computer.ad.clarku.edu is the dns name...however that computer is > actually joined to the CLARKU domain..so the authentication needs to be > against the CLARKU domain as the AD domain doesn't exist. does that > make sense? any ideas?
well, you can use regexp/attr_filter to look for these systems and then just chop off the activedirectorydomain.domain.domain. part thus allowing the AD REALM to be forced by yourselves. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html