On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok <aland@deployingradius.com> wrote:
Doc Phillips wrote:
> I'm trying to prevent rogue devices from connecting to production and
> obviously only allow valid users & devices.  The current setup states
> members of domain computers or domain users are allowed to auth against
> the radius server.  Do you know if its possible through freeradius to
> allow these devices AND these users only?

> Yes.  FreeRADIUS can do machine && user authentication against Active
>Directory, using Samba.

Thanks I'll research that further.
 
>  We're using eap-peap-mschapv2
> as our current authentication method.  Is there a way using
> --require-membership-of to combine users AND groups perhaps through some
> type of regular expression?

> I'm not sure what that means.
 
I was thinking something along the lines of "--require-membership-of=domain\\ computers" && "--require-membership-of=domain\\ users".  You can only access the network if you're logging on from a valid machine with valid credentials.  Does that make sense or am I totally off?
 
Thanks again for all the help!!

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html