Hello Paul,
what you can do is check a user with adsiedit.msc to see what the
attributes to match are.
I am not sure that uid is member of AllStaff works, but something like
memberof contain cn=AllStaff should probably be better.
Also use pftest to test your rules.
Regards
Fabrice
On 2015-07-28 06:16, Polar Geek wrote:
Hello all,
Have mostly successfully made the transition to RADIUS / Active
Directory authentication. But I’m running into an issue with assigning
the correct role to a system using the system based on different user
attributes. I have included below the appropriate section from
authentication.conf. The issue is that only the last section is being
triggered (GUEST). I was under the impression that rules were
processed in order and stopped once a condition was met. Additionally,
if I completely remove the guest rule then all usernames report “You
don not have permission to register a device with username.” Any
pointers on what I’m doing wrong?
Thanks,
Paul
[LCHS-DC00]
description=Luther Active Directory
password=***********
scope=sub
[email protected]
basedn=OU=LutherUsers,DC=luthercollege,DC=edu
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=none
port=389
type=AD
host=172.20.0.254
[LCHS-DC00 rule Paul.Taylor]
description=
match=
action0=set_role=NetAdmin
action1=set_unreg_date=2020-01-01
condition0=sAMAccountName,equals,paul.taylor
[LCHS-DC00 rule EmployeeDevReg]
description=Registration Account For Employee Devices
match=
action0=set_role=EmployeeRegistration
action1=set_unreg_date=2020-07-01
condition0=sAMAccountName,equals,StaffRegistration
[LCHS-DC00 rule Employee]
description=Employee Personal Device Registration
match=
action0=set_role=Employee
action1=set_access_duration=5D
condition0=uid,is member of,AllStaff
[LCHS-DC00 rule DayStudents]
description=Non Residential Students
match=
action0=set_role=Day Student
action1=set_access_duration=5D
condition0=uid,is member of,DayStudents
[LCHS-DC00 rule DormStudents]
description=Residential Students
match=
action0=set_role=Dorm Student
action1=set_unreg_date=2016-07-01
condition0=uid,is member of,ResStudents
[LCHS-DC00 rule Guest]
description=Guest Users
match=all
action0=set_access_duration=12h
action1=set_role=guest
Paul Taylor
IT Support
Luther College High School
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
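
Added example (not part of the original thread and not PacketFence code): a small Python check that reads rule sections in the authentication.conf format shown above, compares each condition against one user's attributes as read in adsiedit.msc, and reports conditions that name an attribute the user does not carry. The EmployeeByGroup rule name, the "contains" operator spelling and the sample entry are assumptions constructed for illustration.

```python
import configparser

# Constructed excerpt in the authentication.conf format from the thread;
# EmployeeByGroup is a hypothetical rule using the suggested memberOf match.
CONF = """
[LCHS-DC00 rule Employee]
match=
action0=set_role=Employee
condition0=uid,is member of,AllStaff
[LCHS-DC00 rule EmployeeByGroup]
match=
action0=set_role=Employee
condition0=memberOf,contains,CN=AllStaff
[LCHS-DC00 rule Guest]
match=all
action0=set_role=guest
"""
# Constructed sample of one user's attributes as seen in adsiedit.msc.
SAMPLE_ENTRY = {
    "sAMAccountName": ["jane.doe"],
    "memberOf": ["CN=AllStaff,OU=Groups,DC=example,DC=edu"],
}

def lint_rules(conf_text, entry):
    """Return {rule name: [warnings]} for each rule section in conf_text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    known = {k.lower(): v for k, v in entry.items()}  # LDAP names are case-insensitive
    report = {}
    for section in cp.sections():
        if " rule " not in section:
            continue  # source definition, not a rule
        warnings = []
        conds = [v for k, v in cp[section].items() if k.startswith("condition")]
        if not conds:
            warnings.append("no conditions defined")
        for cond in conds:
            attr, op, value = (p.strip() for p in cond.split(",", 2))
            values = known.get(attr.lower())
            if values is None:
                warnings.append(f"attribute '{attr}' not present on sample entry")
            elif op == "contains" and not any(value.lower() in v.lower() for v in values):
                warnings.append(f"no '{attr}' value contains '{value}'")
        report[section.split(" rule ", 1)[1]] = warnings
    return report

if __name__ == "__main__":
    for rule, warnings in lint_rules(CONF, SAMPLE_ENTRY).items():
        print(rule, "->", warnings or "ok")
```

Replace SAMPLE_ENTRY with the attributes of a real account before relying on the report, then confirm the rule behaviour with pftest.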