PEAP/MSCHAPv2 - Host Account Authentication Only
Kevin Elliott
kevin_elliott at ci.juneau.ak.us
Fri Apr 27 00:30:12 CEST 2012
That did the trick perfectly.
I am only using the default virtual server.
Is there any reason I would add this to the authorize section for the inner-tunnel?
Thanks.
--
Kevin Elliott
Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905
> -----Original Message-----
> From:
> freeradius-users-bounces+kevin_elliott=ci.juneau.ak.us at lists.f
> reeradius.org
> [mailto:freeradius-users-bounces+kevin_elliott=ci.juneau.ak.us
> @lists.freeradius.org] On Behalf Of alan buxey
> Sent: Wednesday, April 25, 2012 2:53 PM
> To: FreeRadius users mailing list
> Subject: Re: PEAP/MSCHAPv2 - Host Account Authentication Only
>
> Hi,
>
> > Currently FreeRadius will send back Access-Accepts for
> *both* user and machine/host accounts (in the Active
> Directory context of those terms). I would like to configure
> FreeRadius to ignore or reject authentication requests using
> the user creditionals. I spent the better part of yesterday
> afternoon searching the mailing list but I couldn't seem to
> conjure up the correct search terms to find out which
> configuration files I need to delve into to make this setting.
>
> I guess a simple way would be something like this in
> authorise {} section of the server
>
> if ("%{User-Name}" !~ /^host\/.*\.yourAD\.realm$/i){
> update reply {
> Reply-Message = "Not an host/machine login!"
> }
> reject
> }
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list