Re: GUID based Authentication on FreeRadius

Wed, 28 Dec 2011 09:28:45 -0800
We have two different SSIDs - one with EAP-TLS for company-owned mobile devices (which will automatically receive a machine certificate to validate that) and a second one with PEAP and local users stored in a radius userfile. Both SSIDs correspond to separate VLANs on the wireless controllers - would that be a solution for your scenario? The second SSID/VLAN offers only limited access to company ressources. I guess it would be no great deal to switch the PEAP authentication backend from the local userfile to LDAP/Active Directory, if that is required. 

Am 28.12.2011 16:13, schrieb McSparin, Joe:

Well that answers that then.
My goal is, I have users that will connect wirelessly using their NT
domain username and password on the hospitals wireless devices.
I also however have doctors that will bring in their own laptops and
connect.  When they connect with their laptops though I do not want them
to have the same privileges as when they connect on the hospital
wireless devices.
If they are connecting with their home laptops even though they use
their Ntdomain user name and password which the radius server will
accept I want to restrict them to a public vlan.
If they connect using a hospital device then I want it to assign them to
a vlan based on their NTDomain User Group.  Since this is a hospital I
have to have pretty strict security regulations with users.

Thanks,


Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcspa...@hillcountrymemorial.org

-----Original Message-----
From:
freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists.freerad
ius.org
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists
.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, December 28, 2011 8:25 AM
To: FreeRadius users mailing list
Subject: Re: GUID based Authentication on FreeRadius

McSparin, Joe wrote:

Anyone know if this is possible.  I have found information on MAC

Based

Authentication but nothing on GUID.


   What does that mean?

   The GUID isn't sent in a RADIUS packet.  So doing GUID authentication
makes no sense.

   Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




--
Mit freundlichen Grüßen / With kind regards
  Rudolph Bott
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to