Pete,
We are aware of this behavior and we are working on a solution.
By that time, you can ‘bypass’ it by creating the same exact authentication
source and apply only ‘auth’ rules without any ‘set_access_level’ actions in
them… After, simply use that source on the different portal profiles.
Cheers!
dw.
—
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
> On Jan 28, 2015, at 11:10, Pete Hoffswell <[email protected]>
> wrote:
>
> Hi there -
>
> We have an Active Directory installation, with multiple rules to set users'
> role, based on their 802.1x credentials.
>
> Unfortunately, An earlier rule for staff, seems to be overlooked, and users
> are dropping into the catch-all rule, and set to a role of guest.
>
> Is there a way to test the rule?
>
> I know about this tool:
>
> bin/pftest authentication user "****" AD
>
> and it returns -
>
> Authenticating against AD
> Authentication SUCCEEDED against AD (Authentication successful using LDAP)
> Matched against AD
> set_access_level : ALL
>
> But this doesn't show me which rule was matched, nor what access_role was
> set.
>
> I do see that this windows 8.1 machine shows up in PF as owner:
> "host/phoffswe-clamps.ad.davenport.edu
> <https://netaccess.davenport.edu:1443/user/host%2Fphoffswe-clamps.ad.davenport.edu/read>"
> That isn't the same as the user's username of "phoffswe" Could that be my
> problem?
>
> Thoughts?
>
> -
> Pete Hoffswell - Network Manager
> [email protected] <mailto:[email protected]>
> http://www.davenport.edu <http://www.davenport.edu/>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now.
> http://goparallel.sourceforge.net/_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
