Tim,
Thanks for the reply. Yes, I've set all logging to debug so I can get every
message the thing generates. It looks like my problem may have something to do
with my AD settings, as it's failing to find a match (although it found the
match in AD from the registration page, or else I'd never have been able to
register the user in the first place :^/).
My AD settings are following:
Host: <server ip>:389 NONE
Base DN: DC=foo,DC=bar,DC=net (our internal domain foo.bar.net)
Scope: One-level (I tried Subtree
and Children with no luck)
Username Attribute: sAMAccountName (verified from AD server)
Bind DN: Services Admin (user setup specifically
for authenticating devices against AD, works on VPN and other devices)
Password: <confirmed_working>
I have one Rule "Employees", which I have configured as:
No Condition (tried putting
in my username "dgreer" as an exact match, but no good).
Actions:
Set role default (also tried
"employee" which also maps to VLAN 1)
Set access duration 5 days (also set unregistration
dat to 2020-01-01 per instructions, no difference).
I've dug into the code, and I see (from a logger line I added) that
match_in_subclass is not getting any hits on my userID. I see the correct user
id, and per some previous instructions, I'm assuming the domain portion is
being stripped off properly (although the logging shows the domain still on the
userid throughout the log, sooo....).
It's been a long time since I've felt this dumb. :^) Any ideas of what I've
got screwed up?
Thanks.
Don
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
