domain security problem

Hegedus Gabor hegedus.gabor at euroway.hu
Wed Dec 10 15:24:28 CET 2008


tnt at kalik.net wrote:
>> certainly,
>> hi is in the AD it is correct,
>>
>> the problem is the domain
>>
>> win send the
>> - DOMAIN\username if it is in domain,
>> - HOSTNAME\username if it is not in domain (only workgroup)
>>
>> but when i set TEST(my domain) as hostname (it still not in domain), it
>> will send this and freeradius think it is correct.
>>
>> how can I config the freeradius to reject auth, when it is not in
>> domain(but send domain name as hostname)
>>
>> like: ntdomain or something proxy.conf  modification or hack, i  have
>> no idea  what is the solution.
>>     
>
> There is no problem with the user. User is in the AD. Your problem is
> with the machine. How did the machine get access onto the network?
>
> If you don't control computer accounts there is no way to prevent this.
> If you allow users to plug in any machine into the network and you
> don't control at least mac address ...
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>   
It is bad news, you say check mac address too
no way reject it simple without mac...

thank you




More information about the Freeradius-Users mailing list