On 11/09/2011 09:46 PM, Joy Veronneau wrote:
> Is it possible for the radiator server to do machine-based
> authentication (via certificate) to an Active Directory domain?

You may want to check if they really mean certificates, since machine-based authentication can work with PEAP/EAP-MSCHAP-V2 too. When the machine joins the domain, a password and username are automatically created and these can be used for machine-based authentication. This is also supported by Radiator by default.

> I have MSCHAPv2 working to our AD domain with username/password, but
> now someone is asking about machine-based authentication. They are
> currently doing this with an MS radius server and would like to
> switch to our centrally managed radius server and central AD system.
> I know that we would have to issue a new cert to the machine from the
> central AD domain… but I'm not finding much about how to set up
> radiator in my on-line research so far.

EAP-TLS, see goodies too, can be used here. Radiator can also do extra checks for certs besides just checking if the cert is valid or not.

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
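The kind of "extra check" on a machine certificate mentioned in the reply above, as an added example that is not part of the original post and is not Radiator code or its hook API. It assumes the RADIUS server has already validated the certificate chain and that the Windows machine presents its EAP identity as `host/<fqdn>`; the domain name, CA name, function names and sample values are all hypothetical.

```python
# Added example: policy check for machine-based EAP-TLS, applied after
# the certificate chain itself has been validated by the RADIUS server.

ALLOWED_DOMAIN = "ad.example.edu"          # assumption: central AD DNS domain
EXPECTED_ISSUER_CN = "Example Central CA"  # assumption: CA issuing machine certs


def machine_fqdn(eap_identity):
    """Return the lower-cased FQDN from a machine identity of the form
    "host/name.domain", or None if this is not a machine identity."""
    prefix, sep, fqdn = eap_identity.partition("/")
    if sep and prefix.lower() == "host" and fqdn:
        return fqdn.lower().rstrip(".")
    return None


def check_machine_cert(eap_identity, cert):
    """cert holds already-parsed fields of a chain-validated certificate:
    {"issuer_cn": str, "san_dns": [str, ...]}. Returns (accepted, reason)."""
    fqdn = machine_fqdn(eap_identity)
    if fqdn is None:
        return False, "identity is not host/<fqdn>"
    # Suffix match includes the leading dot so "evilad.example.edu" fails.
    if not fqdn.endswith("." + ALLOWED_DOMAIN):
        return False, "machine is outside the allowed domain"
    if cert.get("issuer_cn") != EXPECTED_ISSUER_CN:
        return False, "certificate not issued by the expected CA"
    # Bind the presented identity to the certificate: it must appear as
    # a SAN dNSName, compared case-insensitively.
    sans = {name.lower().rstrip(".") for name in cert.get("san_dns", [])}
    if fqdn not in sans:
        return False, "identity does not match a SAN dNSName"
    return True, "ok"


# Constructed sample data, for illustration only.
SAMPLE_CERT = {"issuer_cn": "Example Central CA",
               "san_dns": ["LAB-PC-01.ad.example.edu"]}

if __name__ == "__main__":
    for ident in ("host/lab-pc-01.ad.example.edu",   # matching machine
                  "host/lab-pc-02.ad.example.edu",   # cert is for another host
                  "host/pc.evilad.example.edu",      # look-alike domain
                  "alice@ad.example.edu"):           # user, not a machine
        print(ident, "->", check_machine_cert(ident, SAMPLE_CERT))
```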