> I've tried searching the web before actually submitting this post in order > to cover all angles. I know it's possible for freeradius to authenticate > against Microsoft AD groups, users, etc. However, is it possible to > authenticate by combining groups? In other words, can freeradius > authenticate against users AND groups? I would like to say only members > of > computers AND users are allowed to authenticate against freeradius while > all > others are rejected. > > Is this even possible? Or, is there something about using peap and > combining > groups that will not allow this to occur? Currently I'm running > freeradius > 2.1.6 on freebsd 7.2 and windows 2003.
Yes. Configure AD as ldap server in raddb/modules/ldap and use group membership queries (Ldap-Group). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
