> Could you send us the output of radiusd -X for a computer auth?
Done. (See previous message with attachment.)
> If it works for users it should just work for machines.
Perhaps under certain circumstances, but not for us, apparently. Perhaps it's
the significant difference between the NT-style domain name and the AD-style
domain name. Perhaps it's the multi-domain AD structure. I don't know. I do
know that users can successfully authenticate - IF they supply a domain as part
of their credentials - and computers cannot. Yet.
> You'll need to make sure you have samba > 3.0.23 [IIRC] [which you seem to
> have] and your ntlm_auth line has to have an appropriately formatted
> User-Name bit e.g. %{mschap:User-Name} (the mschap module will take
> host\\computer.domain.name and turn it into computer$ automatically).
Yup. Samba 3.5.4. Here's the ntlm_auth line used (from mschap module):

    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

Interestingly enough, the modules/ntlm_auth file contains something completely
different, though I don't think it is in play:

    exec ntlm_auth {
        wait = yes
        program = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --password=%{User-Password}"
    }

--J