Machine authentication

Bryan Kadzban bryan at kadzban.is-a-geek.net
Tue Apr 4 18:54:04 EDT 2006


Jacky wrote:
> Hi Bryan,
> 
> I have created an account logon ID as machine$, however ACS does not 
> think it is a machine authentication, and comes back with an error message
> "External DB user access denied (Machine Access Restriction)"
> 
> I can not create an account with the name like "host/xxx", therefore 
> this approach is also not viable.
> 
> Does anyone have an idea how to fool ACS that it is a machine 
> authentication with wpa_supplicant / hostapd?

Thinking about this some more raises the possibility that ACS uses an AD
attribute to tell what type of account the user is.  If that's what it
does, then you would be sending it a username of machine$, and it would
look up that object in AD.  Then it would find whatever AD attribute
corresponds to the account type, and see whether the account is for a
machine or for a user.

That's one other possibility, anyway.  I don't know much about ACS, so I
have no idea how it really works.
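
An added illustration, not part of the original post and not ACS's own logic: Active Directory itself records the account type in objectClass, sAMAccountType and userAccountControl, so a user object that is merely named machine$ still reads as a user. The entries below are constructed samples and the function names are hypothetical.

```python
# Added example: classify a directory entry as machine or user from AD attributes.
# How ACS actually decides is not stated on this page; this only shows what AD stores.

SAM_NORMAL_USER_ACCOUNT = 0x30000000    # sAMAccountType of a user object
SAM_MACHINE_ACCOUNT = 0x30000001        # sAMAccountType of a computer object
UF_NORMAL_ACCOUNT = 0x0200              # userAccountControl flag: ordinary user
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000   # userAccountControl flag: member computer
UF_SERVER_TRUST_ACCOUNT = 0x2000        # userAccountControl flag: domain controller


def account_kind(entry):
    """Return 'machine', 'user' or 'unknown' using attributes only, never the name."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    sam_type = int(entry.get("sAMAccountType", 0))
    uac = int(entry.get("userAccountControl", 0))
    trust = uac & (UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT)
    if "computer" in classes or sam_type == SAM_MACHINE_ACCOUNT or trust:
        return "machine"
    if sam_type == SAM_NORMAL_USER_ACCOUNT or uac & UF_NORMAL_ACCOUNT:
        return "user"
    return "unknown"


def name_mismatch(entry):
    """True when a trailing '$' in the logon name disagrees with the attributes."""
    looks_machine = entry.get("sAMAccountName", "").endswith("$")
    return looks_machine != (account_kind(entry) == "machine")


# Constructed sample entries (not real directory output).
SAMPLES = [
    {"sAMAccountName": "LAPTOP01$",     # joined computer account
     "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
     "sAMAccountType": 805306369, "userAccountControl": 4096},
    {"sAMAccountName": "machine$",      # user account that was only given a '$' name
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "sAMAccountType": 805306368, "userAccountControl": 512},
    {"sAMAccountName": "jacky",         # ordinary user account
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "sAMAccountType": 805306368, "userAccountControl": 512},
]

if __name__ == "__main__":
    for e in SAMPLES:
        print(e["sAMAccountName"], account_kind(e), "mismatch" if name_mismatch(e) else "ok")
```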