[UniMacTech] AD authentication and restricting logins
Matiu Carr
m.carr at auckland.ac.nz
Tue Apr 7 11:07:40 EST 2009
RADIUS.
I have been experimenting with using RADIUS to control access through
wireless access points and have successfully connected a bunch of
Airport Extremes to Microsoft Internet Authentication Server (IAS).
IAS provides a RADIUS-type service that can be integrated with Active
Directory if you choose to do so.
Using a mixture of access policies it would be possible to restrict
access to particular users in particular areas at certain times.
RADIUS can be used to control access to wired networks as well as
wireless; the basic protocol involved is 802.1x.
Experimentation in this has been "blogged" at
http://wiki.creative.auckland.ac.nz/groups/itstaff/wiki/08b90/Microsoft_IAS__Apple_Airport__Mac_OS_X_and_Vista.html
(draft)
Other AD approaches.
The policy stuff I sent originally works with Macs that are members of
the AD, i.e. you can apply group policy to OUs containing Mac computers
and the policy will be honoured by the directory. I applied the "Allow
log on locally" policy described at
http://itadmin.creative.auckland.ac.nz/FAQ/Network/ActiveDirectory/restrictAccessPolicy/
and a MacBook Pro (10.5.6) joined to the local AD would only allow
people in the specific groups I defined to log on.
Mat
--
Matiu Carr <m.carr at auckland.ac.nz>
IT Manager
National Institute of Creative Arts and Industries
+64 9 3737 599 x86511
http://www.people.auckland.ac.nz/Mat/