PEAP/MSCHAPv2 - Host Account Authentication Only
alan buxey
A.L.M.Buxey at lboro.ac.uk
Thu Apr 26 00:53:11 CEST 2012
Hi,
> Currently FreeRadius will send back Access-Accepts for *both* user and machine/host accounts (in the Active Directory context of those terms). I would like to configure FreeRadius to ignore or reject authentication requests using the user creditionals. I spent the better part of yesterday afternoon searching the mailing list but I couldn't seem to conjure up the correct search terms to find out which configuration files I need to delve into to make this setting.
I guess a simple way would be something like this in authorise {} section of the
server
if ("%{User-Name}" !~ /^host\/.*\.yourAD\.realm$/i){
update reply {
Reply-Message = "Not an host/machine login!"
}
reject
}
alan
More information about the Freeradius-Users
mailing list