That did the trick perfectly. I am only using the default virtual server. Is there any reason I would add this to the authorize section for the inner-tunnel? Thanks. -- Kevin Elliott Network Specialist City and Borough of Juneau, MIS (907) 586 - 0905
-----Original Message----- From: freeradius-users-bounces+kevin_elliott=ci.juneau.ak.us@lists.f reeradius.org [mailto:freeradius-users-bounces+kevin_elliott=ci.juneau.ak.us @lists.freeradius.org] On Behalf Of alan buxey Sent: Wednesday, April 25, 2012 2:53 PM To: FreeRadius users mailing list Subject: Re: PEAP/MSCHAPv2 - Host Account Authentication Only
Hi,
Currently FreeRadius will send back Access-Accepts for *both* user and machine/host accounts (in the Active Directory context of those terms). I would like to configure FreeRadius to ignore or reject authentication requests using the user creditionals. I spent the better part of yesterday afternoon searching the mailing list but I couldn't seem to conjure up the correct search terms to find out which configuration files I need to delve into to make this setting.
I guess a simple way would be something like this in authorise {} section of the server
if ("%{User-Name}" !~ /^host\/.*\.yourAD\.realm$/i){ update reply { Reply-Message = "Not an host/machine login!" } reject }
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html