On 01/02/10 12:46, cd wrote:
hello
I'm looking for a toturial ti authenticate XP machines accounts (ldap backend)
on boot with freeradius
here a computer LDAP entry
dn: uid=pc-42ee2079$,ou=computer,ou=ressources,ou=test,o=coin,c=fr
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: pc-42ee2079$
uid: pc-42ee2079$
uidNumber: 10006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: account
sambaSID: S-1-5-21-902432509-630223792-3260868441-1000
displayName: pc-42EE2079$
sambaAcctFlags: [W ]
sambaNTPassword: 2A8BBB29BEF5F91B02AF687290ADB4F7
sambaPwdLastSet: 1262772595
should I put in ldap.attr
checkItem Cleartext-Password sambaNTPassword
The required config is:
checkItem NT-Password sambaNtPassword
...and should already by in the ldap.attrmap
One thing to be aware of - the username as supplied in 802.1x will be:
host/hostname.domain.com
...and this needs to be re-written to:
hostname$
...the "mschap" module will do this for you; you need to ensure that
you're using:
%{mschap:User-Name}
...in your LDAP filters.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html