domain security problem

Hegedus Gabor hegedus.gabor at
Wed Dec 10 15:24:28 CET 2008

tnt at wrote:
>> certainly,
>> hi is in the AD it is correct,
>> the problem is the domain
>> win send the
>> - DOMAIN\username if it is in domain,
>> - HOSTNAME\username if it is not in domain (only workgroup)
>> but when i set TEST(my domain) as hostname (it still not in domain), it
>> will send this and freeradius think it is correct.
>> how can I config the freeradius to reject auth, when it is not in
>> domain(but send domain name as hostname)
>> like: ntdomain or something proxy.conf  modification or hack, i  have
>> no idea  what is the solution.
> There is no problem with the user. User is in the AD. Your problem is
> with the machine. How did the machine get access onto the network?
> If you don't control computer accounts there is no way to prevent this.
> If you allow users to plug in any machine into the network and you
> don't control at least mac address ...
> Ivan Kalik
> Kalik Informatika ISP
> -
> List info/subscribe/unsubscribe? See
It is bad news, you say check mac address too
no way reject it simple without mac...

thank you

More information about the Freeradius-Users mailing list