[EMAIL PROTECTED] wrote:
certainly,
hi is in the AD it is correct,
the problem is the domain
win send the
- DOMAIN\username if it is in domain,
- HOSTNAME\username if it is not in domain (only workgroup)
but when i set TEST(my domain) as hostname (it still not in domain), it
will send this and freeradius think it is correct.
how can I config the freeradius to reject auth, when it is not in
domain(but send domain name as hostname)
like: ntdomain or something proxy.conf modification or hack, i have
no idea what is the solution.
There is no problem with the user. User is in the AD. Your problem is
with the machine. How did the machine get access onto the network?
If you don't control computer accounts there is no way to prevent this.
If you allow users to plug in any machine into the network and you
don't control at least mac address ...
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It is bad news, you say check mac address too
no way reject it simple without mac...
thank you
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
