> Ah, you weren't mentioning AD. With AD you can exercise reasonable
> control. And issuing and installing certificates shouldn't be much of a
> problem (read about domain member autoenrollment). You should go for AD
> integration:

Hi, Ivan. I mentioned AD but it was way back in the first email. To recap, my setup looks like:

Active Directory <=> winbind <=> Freeradius <=> NAS <=> Supplicant

I set this up by following the link you reference. So that part is good :-)

>
> http://deployingradius.com/documents/configuration/active_directory.html
>
> and leave user/machine authentication to AD.

Right, so user auth is the job of AD. Are you aware of any pointers or howtos on getting autoenrollment working with AD and Freeradius?

> No, in your case you should use machine certificates. You have already put
> in increased workload into AD - use it. But still, dynamic VLANs would be
> much preferred to static ones. And you would save yourself the workload
> needed to secure NAS/port combinations from unwanted access with
> huntgroups/sqlhuntgroups.

Can you explain what you mean by this?

Thank you for all of your advice. I really appreciate it!

John