Hello, You could use the command:
/usr/local/pf/bin/pftest authentication USERNAME "" You will see if you match properly your rule, it should bring Administration right. Could you show me your conf/authentication.conf? Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Apr 27, 2023, at 7:41 PM, IT Mercenary <theitmercena...@gmail.com> wrote: > > Hi All, > > I'm hoping for some guidance on how to change the Radius Reply for CLI > authentication when users are not a member of the specified group. The group > is being matched as the RADIUS reply indicates the right administration rule > is being matched (catch all). > > The behavior I was getting: > > <image.png> > > <image.png> > > Compared to what I'm getting now: > <image.png> > > <image.png> > Thanks! > > On Mon, Apr 24, 2023 at 6:45 AM IT Mercenary <theitmercena...@gmail.com > <mailto:theitmercena...@gmail.com>> wrote: >> Hi Ludovic, >> >> I've changed the group to use DN and equal, but I'm getting the same >> results. Is there a way to customize the behavior when an administrative >> user is authenticated but not authorized? >> >> Thanks! >> >> On Mon, Apr 24, 2023 at 5:32 AM Zammit, Ludovic <luza...@akamai.com >> <mailto:luza...@akamai.com>> wrote: >>> Hello there, >>> >>> It loos like the match regex operator does not work properly, in order to >>> have a good match use the DistinguishName of the group object in the Ad in >>> combinaison of the operator equals >>> >>> Memberof equals CN=MyGroup,OU=domain,OU=com >>> >>> Thanks, >>> >>> >>> >>> Ludovic Zammit >>> Product Support Engineer Principal Lead >>> >>> Cell: +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com/> >>> <http://blogs.akamai.com/> >>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4Cqyf7_AxUp$> >>> >>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyYr4gXNR$> >>> >>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyUpLS561$> >>> >>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyVsZQVXE$> >>> >>>> On Apr 21, 2023, at 1:45 PM, IT Mercenary via PacketFence-users >>>> <packetfence-users@lists.sourceforge.net >>>> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >>>> >>>> Hello, >>>> >>>> I have an administration rule for switch CLI access that is producing >>>> different results for users that are not a member of an AD group. Both >>>> switches are in a switch group with type based on the standard Cisco >>>> template. The desired result is being produced on appliance version 12.1.0 >>>> and the undesired result on v12.2.0. >>>> >>>> Administration Rules >>>> <image.png> >>>> >>>> v12.1.0 Results >>>> <image.png> >>>> RADIUS Tab: >>>> <image.png> >>>> >>>> v12.2.0 Results >>>> <image.png> >>>> >>>> RADIUS Tab: >>>> <image.png> >>>> >>>> >>>> Thanks! >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> <mailto:PacketFence-users@lists.sourceforge.net> >>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RJRooQcys6zdEdxUze4ob_Fdoh8f6vc2-IXTbp2iUXgzmcvH-3YEOBQRdtmbI7Lzb_CFnZNayskBCKtC7pOqRsEGTSZZOy4s7Q6HOQ$ >>>> >>>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
