Happy Friday! Using /usr/local/pf/bin/pftest authentication USERNAME "", I can see that the user is matching the deny rule as desired.
[image: image.png] Here is a screenshot of the authentication.conf file. I think this contains the relevant parts but let me know if I should send you the whole file. [image: image.png] Thanks! On Fri, Apr 28, 2023 at 5:29 AM Zammit, Ludovic <luza...@akamai.com> wrote: > Hello, > > You could use the command: > > /usr/local/pf/bin/pftest authentication USERNAME "" > > You will see if you match properly your rule, it should bring > Administration right. > > Could you show me your conf/authentication.conf? > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal Lead* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 27, 2023, at 7:41 PM, IT Mercenary <theitmercena...@gmail.com> > wrote: > > Hi All, > > I'm hoping for some guidance on how to change the Radius Reply for CLI > authentication when users are not a member of the specified group. The > group is being matched as the RADIUS reply indicates the right > administration rule is being matched (catch all). > > The behavior I was getting: > > <image.png> > > <image.png> > > Compared to what I'm getting now: > <image.png> > > <image.png> > Thanks! > > On Mon, Apr 24, 2023 at 6:45 AM IT Mercenary <theitmercena...@gmail.com> > wrote: > >> Hi Ludovic, >> >> I've changed the group to use DN and equal, but I'm getting the same >> results. Is there a way to customize the behavior when an administrative >> user is authenticated but not authorized? >> >> Thanks! >> >> On Mon, Apr 24, 2023 at 5:32 AM Zammit, Ludovic <luza...@akamai.com> >> wrote: >> >>> Hello there, >>> >>> It loos like the match regex operator does not work properly, in order >>> to have a good match use the DistinguishName of the group object in the Ad >>> in combinaison of the operator equals >>> >>> Memberof equals CN=MyGroup,OU=domain,OU=com >>> >>> Thanks, >>> >>> >>> >>> *Ludovic Zammit* >>> *Product Support Engineer Principal Lead* >>> *Cell:* +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com/> >>> <http://blogs.akamai.com/> >>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4Cqyf7_AxUp$> >>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyYr4gXNR$> >>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyUpLS561$> >>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyVsZQVXE$> >>> >>> On Apr 21, 2023, at 1:45 PM, IT Mercenary via PacketFence-users < >>> packetfence-users@lists.sourceforge.net> wrote: >>> >>> Hello, >>> >>> I have an administration rule for switch CLI access that is producing >>> different results for users that are not a member of an AD group. Both >>> switches are in a switch group with type based on the standard Cisco >>> template. The desired result is being produced on appliance version 12.1.0 >>> and the undesired result on v12.2.0. >>> >>> *Administration Rules* >>> <image.png> >>> >>> *v12.1.0 Results* >>> <image.png> >>> RADIUS Tab: >>> <image.png> >>> >>> *v12.2.0 Results* >>> <image.png> >>> >>> RADIUS Tab: >>> <image.png> >>> >>> >>> Thanks! >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> >>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RJRooQcys6zdEdxUze4ob_Fdoh8f6vc2-IXTbp2iUXgzmcvH-3YEOBQRdtmbI7Lzb_CFnZNayskBCKtC7pOqRsEGTSZZOy4s7Q6HOQ$ >>> >>> >>> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
