Windows client MS-chap auto-reauthentication
Doc Phillips
foolsday74 at gmail.com
Tue Oct 20 16:26:50 CEST 2009
On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok <aland at deployingradius.com>wrote:
> Doc Phillips wrote:
> > I'm trying to prevent rogue devices from connecting to production and
> > obviously only allow valid users & devices. The current setup states
> > members of domain computers or domain users are allowed to auth against
> > the radius server. Do you know if its possible through freeradius to
> > allow these devices AND these users only?
>
> > Yes. FreeRADIUS can do machine && user authentication against Active
> >Directory, using Samba.
>
> Thanks I'll research that further.
> > We're using eap-peap-mschapv2
> > as our current authentication method. Is there a way using
> > --require-membership-of to combine users AND groups perhaps through some
> > type of regular expression?
>
> > I'm not sure what that means.
>
I was thinking something along the lines of
"--require-membership-of=domain\\ computers" &&
"--require-membership-of=domain\\ users". You can only access the network
if you're logging on from a valid machine with valid credentials. Does that
make sense or am I totally off?
Thanks again for all the help!!
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091020/edda0fe3/attachment.html>
More information about the Freeradius-Users
mailing list