I know that you can, using WebVPN, validate domain membership as a logon condition. However, I am wondering if you can go one step beyond that, and have RADIUS or LDAP somehow authenticate the computer account before moving on to user authentication. I am wondering if it can be done using the standard VPN client, and/or WebVPN or AnyConnect. I am not looking for certificates, and am willing to make some modifications to the client if needed. So basically, here's what I'm looking for, mainly on the WebVPN:
User logs in -> prelogon check authenticates computer account in AD -> if pass, proceed to user authentication. If fail, either deny access, or apply another group/policy of more restricted access.