I believe your condition should include the full ldap path and look
something like this:
condition0=memberOf,equals,CN=PacketFence,OU=Security
Groups,OU=Groups,DC=syb,DC=net
From: Berlin, Amanda - Information Systems
[mailto:[email protected]]
Sent: Tuesday, June 25, 2013 10:59 AM
To: [email protected]
Subject: [PacketFence-users] 4.0.1 and AD configuration
Hello All,
I've been trying to get this to work for some time now and I'm not
getting anywhere. I have version 4.0.1 running and I'm trying to get two
separate sources setup.
Source 1: Internal, AD
Source 2: External, Email sponsor
Here is my authentication.conf
[local]
description=Local Users
type=SQL
[VendorAccess_Source]
description=VendorAccess_Source
email_activation_timeout=20m
type=Email
allow_localdomain=1
[firelands.localAD]
description=Firelands.local AD
password=mypasswordhere
scope=sub
[email protected]
basedn=DC=firelands,DC=local
usernameattribute=sAMAccountName
encryption=none
port=389
type=AD
host=firelands.local
[VendorAccess_Source rule VendorAccess_Rule]
description=VendorAccess_Rule
match=all
action0=set_role=VendorAccess
[firelands.localAD rule EmployeeAccessRule]
description=EmployeeAccessRule
match=all
action0=set_role=EmployeeAccess
action1=set_access_duration=1h
condition0=memberOf,equals,PacketFence
On my switch I have the VendorAccess and EmployeeAccess set to go to
different Vlans. The error I get whenever I try and login with a user
that is member of the PacketFence group in AD is "Username/Password
incorrect for all authentication sources". When I test my source it
comes back saying that the test was successful. I'm combing through the
logs, but I haven't found anything yet. Thoughts? Suggestions? I'm stuck
L
Amanda Berlin
Email transmission cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
contain viruses.
The sender, therefore, does not accept liability for any errors or omissions in
the contents of this message, which arise as a result of email transmission.
The information in this email is confidential, may be privileged, and is
intended solely for the addressee. Access to this email by anyone else is
unauthorized.
If you are not the intended recipient or a person authorized to deliver it to
the named addressee, do not read, copy, retain, or disseminate this message or
any
attachment. If you have received this email in error, please reply to the
message immediately to inform the sender that the message was misdirected.
After replying, please delete the message from your computer system.
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
