On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok <aland@deployingradius.com>wrote:
Doc Phillips wrote:
I'm trying to prevent rogue devices from connecting to production and obviously only allow valid users & devices. The current setup states members of domain computers or domain users are allowed to auth against the radius server. Do you know if its possible through freeradius to allow these devices AND these users only?
Yes. FreeRADIUS can do machine && user authentication against Active Directory, using Samba.
Thanks I'll research that further.
We're using eap-peap-mschapv2 as our current authentication method. Is there a way using --require-membership-of to combine users AND groups perhaps through some type of regular expression?
I'm not sure what that means.
I was thinking something along the lines of "--require-membership-of=domain\\ computers" && "--require-membership-of=domain\\ users". You can only access the network if you're logging on from a valid machine with valid credentials. Does that make sense or am I totally off? Thanks again for all the help!!
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html