Authenticate to AD but only allow certain group

[Alan DeKok]

Brian C. Huffman wrote:
> It seems like there are quite a few options that are enabled by
> default.  I'm attaching the critical files (sites-enabled/default,
> sites-enabled/inner-tunnel, eap.conf).

  Don't do that.  We know what's in the files.  We don't need to see
them again.

> Is there anything I should disable to improve security?

  The server is secure by default.  A vague goal of "improve security"
is meaningless and pointless.

  If you want to disable particular authentication methods, then go do
that.  Read the "default" virtual server, and remove the authentication
methods you don't use.

  Alan DeKok.