Re: [PacketFence-users] Role Assignment rules issue

Wed, 29 Jul 2015 05:46:22 -0700 

Here are the patches to fix this:
https://github.com/inverse-inc/packetfence/commit/c5b26e48d75cc56269e7b55a1238465398e21617.patch
https://github.com/inverse-inc/packetfence/commit/ff5d9fce54c7bd6677f0ea8d7df989379fb45650.patch
https://github.com/inverse-inc/packetfence/commit/befb1620d5f00c04009c8264e7de574c3eea198d.patch

or just use /usr/local/pf/addons/pf-maint.pl

On 29/07/15 05:19 AM, Polar Geek wrote:


Fabrice,
Thanks for the direction got it all figured out including the sAMAccountname issue. The big thing is that match had to be set to any. Although on my install of 5.3.1 this can’t be set from the Web GUI. There appears to be broken html. What I see is
If <select name="match" id="match" class="input-mini"> <option value="any" id="match.0" selected="selected">any</option> <option value="all" id="match.1">all</option></select> of the following conditions are met:
I have included my working examples below in case anyone else runs up against this issue 

[LCHS-DC00 rule EmployeeDevReg]

description=Registration Account For Employee Devices

match=any

action0=set_role=EmployeeRegistration

action1=set_unreg_date=2020-07-01

condition0=sAMAccountName,equals,StaffRegistration

[LCHS-DC00 rule Employee]

description=Employee Personal Device Registration

match=any

action0=set_role=Employee

action1=set_access_duration=5D
condition0=memberOf,is member of,CN=AllStaff,OU=Groups,DC=luthercollege,DC=edu 

Paul

*From:*Durand fabrice [mailto:[email protected]]
*Sent:* July 28, 2015 5:42 AM
*To:* [email protected]
*Subject:* Re: [PacketFence-users] Role Assignment rules issue

Hello Paul,
what you can do is to check a user with adsiedit.msc to see what are the attribut to match. I am not sure that uid is member of AllStaff works but something like memberof contain cn=AllStaff should be probably better. 
Also use pftest to test your rules.

Regards
Fabrice

Le 2015-07-28 06:16, Polar Geek a écrit :

    Hello all,

    Have mostly successfully made the transition to radius / Active
    Directory authentication. But I’m running into an issue with
    assigning the correct role to a system using the system based on
    different user attributes. I have include below the appropriate
    section from authentication.conf  The issue is that only the last
    section is being triggered (GUEST)   I was under the impression
    that rules were processed in order and stopped once a condition
    was met. Additionally if I completely remove the guest rule then
    all usernames report “You don not have permission to register a
    device with username.”  Any pointers on what I’m doing wrong?

    Thanks,

    Paul

    [LCHS-DC00]

    description=Luther Active Directory

    password=***********

    scope=sub

    [email protected]
    <mailto:[email protected]>

    basedn=OU=LutherUsers,DC=luthercollege,DC=edu

    usernameattribute=sAMAccountName

    connection_timeout=5

    stripped_user_name=yes

    encryption=none

    port=389

    type=AD

    host=172.20.0.254

    [LCHS-DC00 rule Paul.Taylor]

    description=

    match=

    action0=set_role=NetAdmin

    action1=set_unreg_date=2020-01-01

    condition0=sAMAccountName,equals,paul.taylor

    [LCHS-DC00 rule EmployeeDevReg]

    description=Registration Account For Employee Devices

    match=

    action0=set_role=EmployeeRegistration

    action1=set_unreg_date=2020-07-01

    condition0=sAMAccountName,equals,StaffRegistration

    [LCHS-DC00 rule Employee]

    description=Employee Personal Device Registration

    match=

    action0=set_role=Employee

    action1=set_access_duration=5D

    condition0=uid,is member of,AllStaff

    [LCHS-DC00 rule DayStudents]

    description=Non Residential Students

    match=

    action0=set_role=Day Student

    action1=set_access_duration=5D

    condition0=uid,is member of,DayStudents

    [LCHS-DC00 rule DormStudents]

    description=Residential Students

    match=

    action0=set_role=Dorm Student

    action1=set_unreg_date=2016-07-01

    condition0=uid,is member of,ResStudents

    [LCHS-DC00 rule Guest]

    description=Guest Users

    match=all

    action0=set_access_duration=12h

    action1=set_role=guest

    Paul Taylor

    IT Support
    Luther College High School





    
------------------------------------------------------------------------------




    _______________________________________________

    PacketFence-users mailing list

    [email protected]  
<mailto:[email protected]>

    https://lists.sourceforge.net/lists/listinfo/packetfence-users



------------------------------------------------------------------------------


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Krzysztof Adamski  |  Network Development  | University Information Technology
010 Steacie Science and Engineering Library | York University | 4700 Keele St. 
, Toronto ON  Canada M3J 1P3
T: +1.416.736.2100 x22675 | F: +1.416.736.5830 | [email protected] |  
www.yorku.ca


------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to