Can somebody point me in the right direction for this? I'm willing to read any books/whitepapers you reference, I just need to know if it's possible and vaguely how.
I have Cisco VPN Clients connecting into the internal LAN and I would like to further my RADIUS authentication by checking for specific attributes of the operating system before granting authentication.
For example, I only want Windows XP computers that are members of the "DOM22" domain. Or, I only want Dell computers of a certain model to be able to authenticate through RADIUS/ASA5500 (possibly by querying WMI or a registry key?).
Can someone point me in the right direction? Something tells me this type of authentication would tie in to the Cisco VPN Client software (making WMI calls, etc.) but I can't find anything about it.
EDIT: I felt I should clarify. I'm already using RADIUS to authenticate domain accounts; specifically, I'm looking for a way to limit which physical machines are given access without resorting to certificate distribution to the machines I want to have access.