Fabrice,

Thanks for the direction, got it all figured out, including the sAMAccountName issue. The big thing is that match had to be set to any. Although on my install of 5.3.1 this can't be set from the Web GUI. There appears to be broken HTML. What I see is:

If <select name="match" id="match" class="input-mini"> <option value="any" id="match.0" selected="selected">any</option> <option value="all" id="match.1">all</option></select> of the following conditions are met:

I have included my working examples below in case anyone else runs up against this issue.

[LCHS-DC00 rule EmployeeDevReg]
description=Registration Account For Employee Devices
match=any
action0=set_role=EmployeeRegistration
action1=set_unreg_date=2020-07-01
condition0=sAMAccountName,equals,StaffRegistration

[LCHS-DC00 rule Employee]
description=Employee Personal Device Registration
match=any
action0=set_role=Employee
action1=set_access_duration=5D
condition0=memberOf,is member of,CN=AllStaff,OU=Groups,DC=luthercollege,DC=edu

Paul

From: Durand fabrice [mailto:[email protected]]
Sent: July 28, 2015 5:42 AM
To: [email protected]
Subject: Re: [PacketFence-users] Role Assignment rules issue

Hello Paul,

what you can do is to check a user with adsiedit.msc to see what the attributes to match are.
I am not sure that uid is member of AllStaff works, but something like memberof contain cn=AllStaff should probably be better.

Also use pftest to test your rules.

Regards
Fabrice

On 2015-07-28 06:16, Polar Geek wrote:

Hello all,

Have mostly successfully made the transition to radius / Active Directory authentication. But I'm running into an issue with assigning the correct role to a system using the system based on different user attributes. I have included below the appropriate section from authentication.conf.

The issue is that only the last section is being triggered (GUEST). I was under the impression that rules were processed in order and stopped once a condition was met.

Additionally, if I completely remove the guest rule then all usernames report "You do not have permission to register a device with username".

Any pointers on what I'm doing wrong?

Thanks,
Paul

[LCHS-DC00]
description=Luther Active Directory
password=***********
scope=sub
[email protected] <mailto:[email protected]>
basedn=OU=LutherUsers,DC=luthercollege,DC=edu
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=none
port=389
type=AD
host=172.20.0.254

[LCHS-DC00 rule Paul.Taylor]
description=
match=
action0=set_role=NetAdmin
action1=set_unreg_date=2020-01-01
condition0=sAMAccountName,equals,paul.taylor

[LCHS-DC00 rule EmployeeDevReg]
description=Registration Account For Employee Devices
match=
action0=set_role=EmployeeRegistration
action1=set_unreg_date=2020-07-01
condition0=sAMAccountName,equals,StaffRegistration

[LCHS-DC00 rule Employee]
description=Employee Personal Device Registration
match=
action0=set_role=Employee
action1=set_access_duration=5D
condition0=uid,is member of,AllStaff

[LCHS-DC00 rule DayStudents]
description=Non Residential Students
match=
action0=set_role=Day Student
action1=set_access_duration=5D
condition0=uid,is member of,DayStudents

[LCHS-DC00 rule DormStudents]
description=Residential Students
match=
action0=set_role=Dorm Student
action1=set_unreg_date=2016-07-01
condition0=uid,is member of,ResStudents

[LCHS-DC00 rule Guest]
description=Guest Users
match=all
action0=set_access_duration=12h
action1=set_role=guest

Paul Taylor
IT Support
Luther College High School

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected] <mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
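
A lint for the two differences between the original and the working rules in this thread, as an added example that is not part of the original messages or of PacketFence: it flags rule sections whose match value is not any or all, and "is member of" conditions whose group is not a full DN. The function name lint_rules and the sample config are constructed for illustration, and treating a short group name as a problem is an assumption drawn from the working config above.

```python
import configparser

# Constructed sample in the style of the configs quoted in this thread.
SAMPLE = """\
[EXAMPLE-AD]
description=Example directory
type=AD

[EXAMPLE-AD rule Staff]
description=Staff devices
match=
action0=set_role=Employee
condition0=uid,is member of,AllStaff

[EXAMPLE-AD rule Registrar]
description=Registration account
match=any
action0=set_role=EmployeeRegistration
condition0=memberOf,is member of,CN=AllStaff,OU=Groups,DC=example,DC=edu
"""

def lint_rules(text):
    """Return (section, problem) tuples for rule sections that look misconfigured."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if " rule " not in section:
            continue  # the source definition itself, not a rule
        rule = cp[section]
        match = rule.get("match", "").strip()
        if match not in ("any", "all"):
            findings.append((section, f"match={match!r} is not 'any' or 'all'"))
        for key, value in rule.items():
            if not key.startswith("condition"):
                continue
            parts = value.split(",", 2)  # attribute, operator, operand (a DN has commas)
            if len(parts) == 3 and parts[1] == "is member of" and "=" not in parts[2]:
                findings.append((section, f"{key}: group {parts[2]!r} is not a full DN"))
    return findings

if __name__ == "__main__":
    for section, problem in lint_rules(SAMPLE):
        print(f"{section}: {problem}")
```
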
