Thank you. We're attempting conditional auto-registration (depending on group membership), and there is some mixing of user and machine auth that I'll need to work out. I didn't mean to bring that into this discussion.
This was the problem I started this thread about - registration with multiple sources defined didn't work if the sources used the same LDAP parameters, whether in a profile or not. I think that is still the case, but it's more likely expected behavior (don't use multiple sources if you can use more rules within the same source), but maybe the failure mode isn't as clear as it could be. tim On 1/17/14 11:26 AM, "Fabrice DURAND" <[email protected]> wrote: >For machine auth use servicePrincipalName. >Also new in packetfence 4.1, even if you are using autoregistration you >can create a portal profile that filter on your secure SSID. >So packetfence will try all the sources you defined in this profile. >If there is no portal profiles that match then packetfence will use all >the authentication sources defined in sources. > >Fabrice > >Le 2014-01-17 10:58, Palmer, Tim a écrit : >> >> On 1/17/14 10:47 AM, "Jason Frisvold" <[email protected]> wrote: >> >>> Palmer, Tim wrote: >>>> I had several AD sources with a couple of rules each, all with the >>>>same >>>> LDAP parameters (especially the usernameattribute) except the group >>>>name >>>> being matched on. I changed to a single AD source per >>>>usernameattribute, >>>> with several rules. So I now have two AD sources one for user auth >>>>and >>>> one for machine auth and this is working better. Haven't confirmed >>>>it's >>>> working perfectly yet. >>> For what it's worth, this is exactly what we do. Albeit, LDAP versus >>> AD, but similar enough. One source for Machine Auth, one for User >>>Auth. >>> Works flawlessly thus far. >>> >> >> Makes perfect sense. I don't know what I was thinking - happy to get it >> working at all during the 4.0.x times, I think. >> I'm now having an issue with machine auth and my auto registration - if >> you don't mind my asking, what username attribute are you matching on >>for >> Windows machine auth? servicePrincipalName or sAMAccountName or ?? >> >> Thanks, >> >> tim >> >> >> >>------------------------------------------------------------------------- >>----- >> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >> Learn Why More Businesses Are Choosing CenturyLink Cloud For >> Critical Workloads, Development Environments & Everything In Between. >> Get a Quote or Start a Free Trial Today. >> >>http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clk >>trk >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > >-- >Fabrice Durand >[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca >Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >(http://packetfence.org) > > >-------------------------------------------------------------------------- >---- >CenturyLink Cloud: The Leader in Enterprise Cloud Services. >Learn Why More Businesses Are Choosing CenturyLink Cloud For >Critical Workloads, Development Environments & Everything In Between. >Get a Quote or Start a Free Trial Today. >http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clkt >rk >_______________________________________________ >PacketFence-users mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
