domain security problem

tnt at kalik.net tnt at kalik.net
Wed Dec 10 12:57:21 CET 2008


>certainly,
>hi is in the AD it is correct,
>
>the problem is the domain
>
>win send the
>- DOMAIN\username if it is in domain,
>- HOSTNAME\username if it is not in domain (only workgroup)
>
>but when i set TEST(my domain) as hostname (it still not in domain), it
>will send this and freeradius think it is correct.
>
>how can I config the freeradius to reject auth, when it is not in
>domain(but send domain name as hostname)
>
>like: ntdomain or something proxy.conf  modification or hack, i  have
>no idea  what is the solution.

There is no problem with the user. User is in the AD. Your problem is
with the machine. How did the machine get access onto the network?

If you don't control computer accounts there is no way to prevent this.
If you allow users to plug in any machine into the network and you
don't control at least mac address ...

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list