On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok <al...@deployingradius.com>wrote:
> Doc Phillips wrote: > > I'm trying to prevent rogue devices from connecting to production and > > obviously only allow valid users & devices. The current setup states > > members of domain computers or domain users are allowed to auth against > > the radius server. Do you know if its possible through freeradius to > > allow these devices AND these users only? > > > Yes. FreeRADIUS can do machine && user authentication against Active > >Directory, using Samba. > > Thanks I'll research that further. > > We're using eap-peap-mschapv2 > > as our current authentication method. Is there a way using > > --require-membership-of to combine users AND groups perhaps through some > > type of regular expression? > > > I'm not sure what that means. > I was thinking something along the lines of "--require-membership-of=domain\\ computers" && "--require-membership-of=domain\\ users". You can only access the network if you're logging on from a valid machine with valid credentials. Does that make sense or am I totally off? Thanks again for all the help!! > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html