I have a deployment where I would like to use a specific AD Attribute to authenticate users at one particular location if their attribute matches a particular number.
Therefore all users having this attribute along with this number are allowed to authenticate at location A and nowhere else.
User's at location B will have the same attribute but with a different number.
The number can be a store #, dealer #, something that identifies which location they belong to.
Not too sure how to go about configuring this. We are using EAP-PEAP MSCHAPv2 to authenticate the users. I assume somewhere in the enforcement profile i will be validating against the attribute whether it is exists and checking the value and then how do i go about linking that number to the location?
The other thing is that if the attribute contains a specific word let's say 'allow', then this user can authenticate at all the locations.
I know this is possible but not too sure how to implement right now.