Thanks, Derek -
I'm not sure I follow you on the workaround.
Users with this problem are matching a rule called "Other":
[AD rule Other]
description=All Other Valid Users - Catch All
match=all
action0=set_role=guest
action1=set_access_duration=5D
There is no "set_access_level" in this rule.
Are you saying I should remove this rule to resolve the issue? Then, if we
want to authenticate "other", we simply direct them to a portal-based
process?
-
Pete Hoffswell - Network Manager
[email protected]
http://www.davenport.edu
On Mon, Feb 2, 2015 at 3:12 PM, Derek Wuelfrath <[email protected]>
wrote:
> Pete,
>
> We are aware of this behavior and we are working on a solution.
> By that time, you can ‘bypass’ it by creating the same exact
> authentication source and apply only ‘auth’ rules without any
> ‘set_access_level’ actions in them… After, simply use that source on the
> different portal profiles.
>
> Cheers!
> dw.
>
> —
> Derek Wuelfrath
> [email protected] :: www.inverse.ca
> +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On Jan 28, 2015, at 11:10, Pete Hoffswell <[email protected]>
> wrote:
>
> Hi there -
>
> We have an Active Directory installation, with multiple rules to set
> users' role, based on their 802.1x credentials.
>
> Unfortunately, An earlier rule for staff, seems to be overlooked, and
> users are dropping into the catch-all rule, and set to a role of guest.
>
> Is there a way to test the rule?
>
> I know about this tool:
>
> bin/pftest authentication user "****" AD
>
> and it returns -
>
> Authenticating against AD
> Authentication SUCCEEDED against AD (Authentication successful using
> LDAP)
> Matched against AD
> set_access_level : ALL
>
> But this doesn't show me which rule was matched, nor what access_role was
> set.
>
> I do see that this windows 8.1 machine shows up in PF as owner: "
> host/phoffswe-clamps.ad.davenport.edu
> <https://netaccess.davenport.edu:1443/user/host%2Fphoffswe-clamps.ad.davenport.edu/read>"
> That isn't the same as the user's username of "phoffswe" Could that be my
> problem?
>
> Thoughts?
>
> -
> Pete Hoffswell - Network Manager
> [email protected]
> http://www.davenport.edu
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now.
> http://goparallel.sourceforge.net/_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
