On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok
<aland@deployingradius.com> wrote:
Doc Phillips wrote:
> I'm trying to prevent rogue devices from connecting to production and
> obviously only allow valid users & devices. The current setup states
> members of domain computers or domain users are allowed to auth against
> the radius server. Do you know if its possible through freeradius to
> allow these devices AND these users only?
> Yes. FreeRADIUS can do machine && user authentication against Active
>Directory, using Samba.
Thanks I'll research that further.
> We're using eap-peap-mschapv2
> as our current authentication method. Is there a way using
> --require-membership-of to combine users AND groups perhaps through some
> type of regular expression?
> I'm not sure what that means.
I was thinking something along the lines of "--require-membership-of=domain\\ computers" && "--require-membership-of=domain\\ users". You can only access the network if you're logging on from a valid machine with valid credentials. Does that make sense or am I totally off?
Thanks again for all the help!!
Alan DeKok.