Restricting users to AD domain computers

Bryce Mackintosh brycedrm at
Thu Oct 11 12:03:42 CEST 2012


I'm currently using FreeRadius to control access to our wifi network with
PEAP-TLS, and authenticating users against their AD accounts. I now need to
somehow additionally restrict the users wifi access to only the machines
that are joined to the Windows domain, and not phones, ipads, etc, and do
this in a reasonably secure fashion.

There are a couple of hundred laptops involved, so I'd like to avoid having
to do much in the way of client-side configuration, but I suspect that
client certificates may be the only answer. I've been searching for a
number of weeks, and I haven't found any other real solution.

Thanks in advance,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list