Proxying Machine Authentications

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

Proxying Machine Authentications

King, Michael
I currently have our wireless users authenticating to our Active
Directory 2003 domain using PEAP and TTLS.

We want to proxy our machine authentications off to something else that
can authenticate them.

Does anyone have any examples of how to do this?

I know all the machine accounts show up on my NAS as

host/machinename

Whereas my users are :

Domain\Username
Or
Username

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Proxying Machine Authentications

Alan DeKok
"King, Michael" <[hidden email]> wrote:
> We want to proxy our machine authentications off to something else that
> can authenticate them.
>
> Does anyone have any examples of how to do this?
>
> I know all the machine accounts show up on my NAS as
>
> host/machinename

  In the "users" file, do:

DEFAULT EAP-Message *= 0x00, User-Name =~ "/", Proxy-To-Realm := "foo"

  That should work.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html