On 11/10/12 11:03, Bryce Mackintosh wrote:
Hi,
I'm currently using FreeRadius to control access to our wifi network
with PEAP-TLS, and authenticating users against their AD accounts. I now
need to somehow additionally restrict the users wifi access to only the
machines that are joined to the Windows domain, and not phones, ipads,
etc, and do this in a reasonably secure fashion.
Can you be more specific here?
Do you want to authenticate *first* the computer and *then* the user via
802.1x? If so, that could be tricky - Windows doesn't support >1 auth
inside the PEAP tunnel.
There are a couple of hundred laptops involved, so I'd like to avoid
having to do much in the way of client-side configuration, but I suspect
that client certificates may be the only answer.
How do you think they may be "the answer"? IIRC you can't use client
certs with PEAP in windows.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
