Hi,

For my Active Directory user source, I have two rules: domain_users and domain_admins.

However, using bin/pftest authentication I see that even though I am a domain_admin, my role is set to unu_merit_domain_users.

Here are relevant bits from authentication.conf:

> [our-ad]
> description=samba4 ad
> password=secret
> scope=one
> binddn=CN=search packetfence,CN=Users,DC=domain,DC=com
> basedn=CN=Users,DC=samba,DC=domain,DC=com
> usernameattribute=sAMAccountName
> connection_timeout=5
> stripped_user_name=yes
> encryption=none
> port=389
> type=AD
> host=samba.domain.com
>
> [our-ad rule domain_users]
> description=our domain users
> match=all
> action0=set_role=domain_users
> action1=set_access_duration=365D
>
> [our-ad rule domain_admins]
> description=our domain admins
> match=
> action0=set_unreg_date=2020-01-01
> action1=set_access_level=ALL
> action2=set_role=domain_admins
> condition0=memberOf,equals,CN=Domain Admins,CN=Users,DC=domain,DC=com

So: the default rule is domain_user, but in case the user is a member of CN=Domain Admins,CN=Users,DC=domain,DC=com (which I am!) I should get the domain_admins role.

Changing the order of the rules also does not help. (Or should I restart more than just bin/pfcmd configreload to make it work?)

This is on PacketFence 5.3.1, wheezy; the above source is used both for inline and 802.1x authentication (and all works perfectly, just with the wrong role applied).

MJ
