domain security problem
hegedus.gabor at euroway.hu
Fri Dec 12 09:48:39 CET 2008
tnt at kalik.net wrote:
>> It is bad news, you say check mac address too
>> no way reject it simple without mac...
> How much simpler can you get? You say that it is a problem that a user
> with AD account gets access from an unauthorized machine. The only
> answer is to check machine credentials. mac filtering is the simplest
> thing you could posssibly do. People who consider this a real problem
> use machine certificates. Or NAC.
> Ivan Kalik
> Kalik Informatika ISP
I just thought there is a setting which is usefull to differentiate the
HOST/username and DOMAIN/username
More information about the Freeradius-Users