Bryce Mackintosh wrote: > I'm currently using FreeRadius to control access to our wifi network > with PEAP-TLS, and authenticating users against their AD accounts. I now > need to somehow additionally restrict the users wifi access to only the > machines that are joined to the Windows domain, and not phones, ipads, > etc, and do this in a reasonably secure fashion.
That's not how EAP works. If they authenticate, they're authenticated. > There are a couple of hundred laptops involved, so I'd like to avoid > having to do much in the way of client-side configuration, but I suspect > that client certificates may be the only answer. I've been searching for > a number of weeks, and I haven't found any other real solution. Whitelist the good devices, and disallow anything else. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
