Restricting users to AD domain computers

Phil Mayers p.mayers at
Thu Oct 11 15:48:00 CEST 2012

On 11/10/12 12:55, Bryce Mackintosh wrote:

> Okay, ignoring how I currently have things setup, how would other people
> go about controlling the users and devices on a wifi network by means of
> 802.1x, freeradius using AD for authentication and Win XP Pro SP3

We don't bother. It's not obvious why "controlling the devices" is useful.

> clients. I'd have thought that this was a fairly common requirement in
> the enterprise world, so I'm surprised there's not an obvious solution,
> or am I missing something? At the moment it looks like we'll have to
> abandon 802.1x and go back to WPA2-PSK.

Eh? How does *that* help?

If you really want to do this, then:

  1. Use machine auth for 802.1x
  2. Use policies *on* the machines to control the users

More information about the Freeradius-Users mailing list