Authenticate to AD but only allow certain group
Brian C. Huffman
bhuffman at etinternational.com
Wed Oct 29 20:40:24 CET 2014
Does mschap need to be enabled in both outter and inner tunnel?
Thanks,
Brian
On 10/29/2014 03:28 PM, Alan DeKok wrote:
> Brian C. Huffman wrote:
>> It seems like there are quite a few options that are enabled by
>> default. I'm attaching the critical files (sites-enabled/default,
>> sites-enabled/inner-tunnel, eap.conf).
> Don't do that. We know what's in the files. We don't need to see
> them again.
>
>> Is there anything I should disable to improve security?
> The server is secure by default. A vague goal of "improve security"
> is meaningless and pointless.
>
> If you want to disable particular authentication methods, then go do
> that. Read the "default" virtual server, and remove the authentication
> methods you don't use.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list