Hi,
I managed to get authentication of users logged on Windows XP
workstation to the network.
The machine authentication (while booting) however fails thus preventing
the users from retrieving their roaming profiles.
Here is the relevant part of the log:
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: - authorize
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: performing user
authorization for host/mycomputer
Thu Feb 5 14:39:16 2009 : Debug: radius_xlat: Running registered xlat
function of module mschap for string 'User-Name:None'
Thu Feb 5 14:39:16 2009 : Debug: expand:
(uid=%{mschap:User-Name:None}) -> (uid=mycomputer$)
Thu Feb 5 14:39:16 2009 : Debug: expand:
ou=People,dc=mycompany,dc=com -> ou=People,dc=mycompany,dc=com
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: attempting LDAP reconnection
It seems freeradius "tries" to authenticate the computer from the
ou=People,dc=mydomain,dc=com.
In radiusd.conf I have the following:
ldap {
server = "192.168.0.3"
identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
password = ldapreadpasswd
basedn = "ou=People,dc=mydomain,dc=com"
filter = "(uid=%{mschap:User-Name:None})"
I now need to instruct the ldap to search in
ou=Computers,dc=mydomain,dc=com for the computers authentication.
How do I do this while preserving the working users auth ?
Thanks
Laurent
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
