Restricting users to AD domain computers
Alan DeKok
aland at deployingradius.com
Thu Oct 11 14:17:20 CEST 2012
Bryce Mackintosh wrote:
> I'm currently using FreeRadius to control access to our wifi network
> with PEAP-TLS, and authenticating users against their AD accounts. I now
> need to somehow additionally restrict the users' wifi access to only the
> machines that are joined to the Windows domain, and not phones, iPads,
> etc, and do this in a reasonably secure fashion.
That's not how EAP works. If they authenticate, they're authenticated.
> There are a couple of hundred laptops involved, so I'd like to avoid
> having to do much in the way of client-side configuration, but I suspect
> that client certificates may be the only answer. I've been searching for
> a number of weeks, and I haven't found any other real solution.
Whitelist the good devices, and disallow anything else.
Alan DeKok.