Fabrice,
Thanks for your response. When I get back to work tonight Ill try the memberof contain cn=AllStaff variation. Any thoughts on why the sAMAccountname equals xxxx wouldnt be matching? Paul From: Durand fabrice [mailto:[email protected]] Sent: July 28, 2015 5:42 AM To: [email protected] Subject: Re: [PacketFence-users] Role Assignment rules issue Hello Paul, what you can do is to check a user with adsiedit.msc to see what are the attribut to match. I am not sure that uid is member of AllStaff works but something like memberof contain cn=AllStaff should be probably better. Also use pftest to test your rules. Regards Fabrice Le 2015-07-28 06:16, Polar Geek a écrit : Hello all, Have mostly successfully made the transition to radius / Active Directory authentication. But Im running into an issue with assigning the correct role to a system using the system based on different user attributes. I have include below the appropriate section from authentication.conf The issue is that only the last section is being triggered (GUEST) I was under the impression that rules were processed in order and stopped once a condition was met. Additionally if I completely remove the guest rule then all usernames report You don not have permission to register a device with username. Any pointers on what Im doing wrong? Thanks, Paul [LCHS-DC00] description=Luther Active Directory password=*********** scope=sub [email protected] <mailto:[email protected]> basedn=OU=LutherUsers,DC=luthercollege,DC=edu usernameattribute=sAMAccountName connection_timeout=5 stripped_user_name=yes encryption=none port=389 type=AD host=172.20.0.254 [LCHS-DC00 rule Paul.Taylor] description= match= action0=set_role=NetAdmin action1=set_unreg_date=2020-01-01 condition0=sAMAccountName,equals,paul.taylor [LCHS-DC00 rule EmployeeDevReg] description=Registration Account For Employee Devices match= action0=set_role=EmployeeRegistration action1=set_unreg_date=2020-07-01 condition0=sAMAccountName,equals,StaffRegistration [LCHS-DC00 rule Employee] description=Employee Personal Device Registration match= action0=set_role=Employee action1=set_access_duration=5D condition0=uid,is member of,AllStaff [LCHS-DC00 rule DayStudents] description=Non Residential Students match= action0=set_role=Day Student action1=set_access_duration=5D condition0=uid,is member of,DayStudents [LCHS-DC00 rule DormStudents] description=Residential Students match= action0=set_role=Dorm Student action1=set_unreg_date=2016-07-01 condition0=uid,is member of,ResStudents [LCHS-DC00 rule Guest] description=Guest Users match=all action0=set_access_duration=12h action1=set_role=guest Paul Taylor IT Support Luther College High School ---------------------------------------------------------------------------- -- _______________________________________________ PacketFence-users mailing list [email protected] <mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
