-----Original Message----- From: freeradius-users-bounces+scott=renshawauto....@lists.freeradius.org [mailto:freeradius-users-bounces+scott=renshawauto....@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Friday, September 09, 2011 9:21 AM To: freeradius-users@lists.freeradius.org Subject: Re: Windows Pre-Login Auth
On 09/09/2011 03:00 PM, Scott Hughes wrote: > Hello all, > > I have been using FreeRadius for several years now and am stuck trying > to make our Windows based wireless system authenticate PRIOR to user login. > > I have searched the FreeRadius and Deploying FreeRadius sites as well > as Google, but no luck. Here is a brief over-view of my FreeRadius setup: > > 1) Clients: Windows XP & Windows 7 (Professional in both cases - NO > VISTA!) > > 2) Currently running FreeRadius version 2.0.5 > > 3) Currently authenticating users via TLS/PEAP with computer > name/username > I'm not sure what you're asking here. Pre-login auth is entirely client side. As long as FreeRADIUS can authenticate the users, it'll just work. Have you tried it? I assume you are using Samba/ntlm_auth to verify the PEAP/MSCHAP against your domain? - My apologies for not being clear. Please ignore the second part of my post. I simply wanted to be complete in my posting as to where I currently am (authenticating via the users file) and where I would like to go in case it is relevant (authenticating via Active Domain). I am attempting to authenticate the computer name using certificates prior to the user logging in. I have configured the certificates but I am still not able to login. I've tried client certificates for user name and several variations of the computer name, but again, it did not work. I am changing the common name in the client certificate which is what it seems to key off of. Thanks, Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html