PEAP/MSCHAPv2 - Host Account Authentication Only

Kevin Elliott kevin_elliott at ci.juneau.ak.us
Fri Apr 27 00:30:12 CEST 2012


That did the trick perfectly.

I am only using the default virtual server.

Is there any reason I would add this to the authorize section for the inner-tunnel?


Thanks.

-- 
Kevin Elliott
 
Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905
 

 

> -----Original Message-----
> From: freeradius-users-bounces+kevin_elliott=ci.juneau.ak.us at lists.freeradius.org
> [mailto:freeradius-users-bounces+kevin_elliott=ci.juneau.ak.us@lists.freeradius.org] On Behalf Of alan buxey
> Sent: Wednesday, April 25, 2012 2:53 PM
> To: FreeRadius users mailing list
> Subject: Re: PEAP/MSCHAPv2 - Host Account Authentication Only
> 
> Hi,
> 
> > Currently FreeRadius will send back Access-Accepts for *both* user and
> > machine/host accounts (in the Active Directory context of those terms).
> > I would like to configure FreeRadius to ignore or reject authentication
> > requests using the user credentials. I spent the better part of yesterday
> > afternoon searching the mailing list but I couldn't seem to conjure up
> > the correct search terms to find out which configuration files I need to
> > delve into to make this setting.
> 
> I guess a simple way would be something like this in the
> authorise {} section of the server
> 
> if ("%{User-Name}" !~ /^host\/.*\.yourAD\.realm$/i){
>            update reply {
>                 Reply-Message = "Not an host/machine login!"
>            }
>            reject
> }
> 
> 
> alan
> 
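
An added example, not part of the original messages or of FreeRADIUS: a small Python harness that runs the regular expression from the quoted condition over constructed User-Name values, to confirm what the filter accepts and rejects before the rule goes into the server. Python's `re` module stands in for the server's regex engine, and `decision`, `run_samples` and the sample names are assumptions of this example; `yourAD.realm` is the thread's own placeholder.

```python
import re

# Pattern copied from the unlang condition quoted above. Python's re is an
# assumed stand-in for the regex engine the RADIUS server is built with.
HOST_RE = re.compile(r"^host\/.*\.yourAD\.realm$", re.IGNORECASE)


def decision(user_name: str) -> str:
    """Mirror the quoted condition: reject when User-Name does NOT match."""
    return "continue" if HOST_RE.search(user_name) else "reject"


# Constructed sample User-Name values (not taken from any real log),
# each paired with the outcome the rule is expected to produce.
SAMPLES = [
    ("host/pc01.yourAD.realm", "continue"),         # machine account
    ("HOST/PC01.YOURAD.REALM", "continue"),         # /i: case-insensitive
    ("alice", "reject"),                            # bare user name
    ("YOURAD\\alice", "reject"),                    # DOMAIN\user form
    ("alice@yourAD.realm", "reject"),               # user@realm form
    ("host/pc01.other.realm", "reject"),            # different realm
    ("host/pc01.yourAD.realm.example", "reject"),   # $ anchors the suffix
    ("xhost/pc01.yourAD.realm", "reject"),          # ^ anchors the prefix
    ("host/pc01.yourADxrealm", "reject"),           # escaped dot is literal
    # Looser than a hostname check: ".*" accepts anything in the middle.
    ("host/.yourAD.realm", "continue"),             # empty host label
    ("host/alice@x.yourAD.realm", "continue"),      # arbitrary characters
]


def run_samples():
    """Return (name, actual, expected) for every constructed sample."""
    return [(name, decision(name), expected) for name, expected in SAMPLES]


if __name__ == "__main__":
    for name, got, expected in run_samples():
        flag = "ok" if got == expected else "MISMATCH"
        print(f"{flag:8} {got:8} {name}")
```

The last two samples show that the pattern only constrains the `host/` prefix and the realm suffix, so a site that wants stricter matching would tighten the middle of the expression.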

