Re: Username/Host authorization

2013-06-24 Thread nicolas . clo
Hi, Yes, this is our actual configuration and it works very well, but I think that with the long run, a database that contains all MAC address can become very difficult to manage. But if it' s the only solution, I will make with. Thanks.

Re: Username/Host authorization

2013-06-24 Thread A . L . M . Buxey
Hi, >I'm now sure that the best way for us is MAC Address filtering. thats a way of doing the 'host' part. the user can then be authenticated by an EAP method. ie authorization stage can check the calling-station-id (MAC address) and, if not known, just reject. then, if known carry on to t

Username/Host authorization

2013-06-24 Thread nicolas . clo
Ok thanks for the reply. I'm now sure that the best way for us is MAC Address filtering. Have a good day. Nicolas CLO ---Original mail--- nicolas@ricoh-industrie.fr wrote: > We w

Re: Username/Host authorization

2013-06-24 Thread Phil Mayers
On 24/06/13 14:09, nicolas@ricoh-industrie.fr wrote: Thanks for your help. We want two authorization in the same times, for example, to ensure that user not used his iPhone with his DOMAIN/UserName account. Sorry, but that's not currently possible. No EAP method supports it. In theory EAP

Re: Username/Host authorization

2013-06-24 Thread Alan DeKok
nicolas@ricoh-industrie.fr wrote: > We want two authorization in the same times, for example, to ensure that > user not used his iPhone with his DOMAIN/UserName account. That is fairly vague. You're working with computers. Be specific. WHAT is in an Access-Request when they login using

Username/Host authorization

2013-06-24 Thread nicolas . clo
Thanks for your help. We want two authorization in the same times, for example, to ensure that user not used his iPhone with his DOMAIN/UserName account. Mac Authorization is not a good way for us ( Too restrictive to keep up to date ) Authorization by certificat too because we have a lot of ho

Re: Username/Host authorization

2013-06-24 Thread Alan DeKok
nicolas@ricoh-industrie.fr wrote: > Is it possible to verify host with mschapv2 That question has a number of unstated assumptions. Those assumptions are wrong. Does the *host* provide mschapv2 authentication data? No. Therefore, the host can't be verified with mschapv2. > and i

Re: Username/Host authorization

2013-06-24 Thread Phil Mayers
On 24/06/13 12:47, nicolas@ricoh-industrie.fr wrote: Hi list, I'm searching the best way to configure an authorization based on both Host + Username ( mschapv2 + /usr/bin/ntlm_auth) but not Host *or* Username. Is it possible to verify host with mschapv2 and if the module re

Username/Host authorization

2013-06-24 Thread nicolas . clo
Hi list, I'm searching the best way to configure an authorization based on both Host + Username ( mschapv2 + /usr/bin/ntlm_auth) but not Host or Username. Is it possible to verify host with mschapv2 and if the module return ok proceed to username verfication with the same module ? Thanks f