Machine account authentication on Radius server
- by O.Shevchenko
My workstation is under Linux. I have an Active Directory domain controller + Radius server on Windows 2008.
I can verify user account 'radius-01' using 'radtest' tool:
$ radtest -t pap radius-01 password123 195.234.133.32 1812 password123
Sending Access-Request of id 98 to 195.234.73.2 port 1812
User-Name = "radius-01"
User-Password = "password123"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 195.234.133.32 port 1812, id=98, length=84
Framed-MTU = 1344
Framed-Protocol = PPP
Service-Type = Framed-User
Class = 0x537004f00000013700010200ac1c0...
I have joined my Linux PC to Active Directory domain ARB-HRK using Samba:
[root@shev-arb]# net ads testjoin
Join is OK
I can dump machine password:
[root@shev-arb]# tdbdump /var/lib/samba/private/secrets.tdb
{
key(34) = "SECRETS/MACHINE_PASSWORD/ARB-HRK"
data(15) = "yGgXJsquRnpT0g\00"
}
How can i authenticate my machine account on Radius server?
Do anybody know any tools for this, like:
radtest shev-arb$ yGgXJsquRnpT0g 195.234.133.32 1812 password123
(this command fails)