To restrict access to a lan the network shall be equipped with switches, that are capable of 802.1x authentication on a per port basis. Only client machines with a valid machine account in a central active directory shall get access. As I have never had to do with active directory, I am unsure, whether freeradius is suited to be used for the authentication process. googling around I found the following assertion: FreeRADIUS at this time cannot perform machine account authentications, but it supports proxying them off to another RADIUS server (for example, IAS, or FUNK) see: http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0505&L=wireless-lan&T=0&F=... Is this true? If not, is there any documentation available, that describes the setup? Which credentials are used by that kind of authentication: account names/passwords , certificates,...? Thanks Norbert Wegener