Andy,

You can test an account in your AD with:

/usr/local/pf/bin/pftest authentication administrator ""

Authenticating against AD-Inverse
Authentication FAILED against AD-Inverse (Invalid login or password)
Matched against AD-Inverse for 'authentication' rules
set_role : default
set_access_duration : 5D
Matched against AD-Inverse for 'administration' rules
mark_as_sponsor : 1

/usr/local/pf/bin/pftest authentication administrator realpassword

Authenticating against AD-Inverse
Authentication SUCCEEDED against AD-Inverse (Authentication successful.)
Matched against AD-Inverse for 'authentication' rules
set_role : default
set_access_duration : 5D
Matched against AD-Inverse for 'administration' rules
mark_as_sponsor : 1

Make sure that you are matching the correct portal profile in
logs/packetfence.log:

Instantiate profile PORTAL-PROFILE-NAME (pf::Portal::ProfileFactory::_from_profile)

Thanks,
Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu)
and PacketFence (http://packetfence.org)
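
An added example, not part of the original message and not PacketFence code: a parser for pftest output, assuming the line format shown in the message above, used as a negative control for a password that is known to be wrong. It keeps the authentication verdict separate from the "Matched" rule lines, which appear in the output above even for the FAILED attempt; the second sample is constructed to show the symptom reported in this thread.

```python
import re

# Output copied from the empty-password pftest run in the message above.
EMPTY_PW_OUTPUT = """\
Authenticating against AD-Inverse
Authentication FAILED against AD-Inverse (Invalid login or password)
Matched against AD-Inverse for 'authentication' rules
set_role : default
set_access_duration : 5D
Matched against AD-Inverse for 'administration' rules
mark_as_sponsor : 1
"""
# Constructed sample: a source that accepts a bogus password.
BOGUS_PW_OUTPUT = """\
Authenticating against my_ad
Authentication SUCCEEDED against my_ad (Authentication successful.)
Matched against my_ad for 'authentication' rules
set_role : internal_role
set_access_duration : 1D
"""

AUTH_RE = re.compile(r"Authentication (SUCCEEDED|FAILED) against (\S+)")
MATCH_RE = re.compile(r"Matched against (\S+) for '(\w+)' rules")
ACTION_RE = re.compile(r"(\w+)\s*:\s*(\S+)")

def parse_pftest(text):
    """Return {source: {"authenticated": bool, "rules": {class: {action: value}}}}."""
    sources, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := AUTH_RE.match(line):
            entry = sources.setdefault(m.group(2), {"authenticated": False, "rules": {}})
            entry["authenticated"] = m.group(1) == "SUCCEEDED"
            current = None
        elif m := MATCH_RE.match(line):
            entry = sources.setdefault(m.group(1), {"authenticated": False, "rules": {}})
            current = entry["rules"].setdefault(m.group(2), {})
        elif current is not None and (m := ACTION_RE.fullmatch(line)):
            # Action lines belong to the most recent "Matched" rule class.
            current[m.group(1)] = m.group(2)
    return sources

def negative_control_failures(text):
    """Sources that accepted a password known to be wrong; must be empty."""
    return sorted(s for s, r in parse_pftest(text).items() if r["authenticated"])
```

Feed it the output of a pftest run made with a deliberately wrong password; any source name it returns verified nothing about the credential.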
> On 9 Feb 2016, at 14:25, Andy A <[email protected]> wrote:
>
> Thanks for your reply. I have an AD source that is configured in PacketFence and
> the source talks to an AD server for my Domain.
>
> cat /usr/local/pf/conf/authentication.conf
> [local]
> description=Local Users
> type=SQL
>
> [email]
> description=Email-based registration
> email_activation_timeout=10m
> type=Email
> create_local_account=yes
> allow_localdomain=yes
>
> [my_ad]
> description=My Active Directory
> password=PASSWORD
> scope=sub
> binddn=OU=Users,OU=My Org,DC=orgDC,DC=local
> basedn=OU=Users,OU=My Org,DC=orgDC,DC=local
> usernameattribute=sAMAccountName
> connection_timeout=15
> stripped_user_name=no
> encryption=none
> cache_match=1
> port=389
> type=AD
> host=10.10.10.10
>
> [my_ad rule internal_access]
> description=internal access
> match=all
> action0=set_role=internal_role
> action1=set_access_duration=1D
>
> cat /usr/local/pf/conf/profiles.conf
> [default]
> description=Default Profile
> logo=/captive-portal/content/assets/img/logo.gif
> billing_engine=disabled
> redirecturl=http://google.com
> always_use_redirecturl=enabled
> mandatory_fields=firstname,lastname,email
> locale=en_US
> nbregpages=0
> filter_match_style=any
> block_interval=10m
> sms_pin_retry_limit=0
> sms_request_limit=0
> login_attempt_limit=0
> dot1x_recompute_role_from_portal=enabled
> reuse_dot1x_credentials=0
> sources=email,local
> provisioners=
> custom_fields_authentication_sources=
> scans=
>
> [my_site]
> description=internal site
> login_attempt_limit=0
> dot1x_recompute_role_from_portal=0
> sms_pin_retry_limit=0
> locale=en_US
> sms_request_limit=0
> nbregpages=0
> always_use_redirecturl=enabled
> redirecturl=http://www.google.com
> billing_engine=disabled
> filter=network:10.10.0.0/24
> description=my site internal profile
> mandatory_fields=
> scans=
> reuse_dot1x_credentials=0
> sources=my_ad,email,local
> block_interval=12h
> provisioners=
> custom_fields_authentication_sources=
> filter_match_style=any
>
>
> ________________________________
>> From: [email protected]
>> Date: Tue, 9 Feb 2016 13:20:07 -0500
>> To: [email protected]
>> Subject: Re: [PacketFence-users] AD integration
>>
>> Hello Andy,
>>
>> When you say ‘AD integration’, did you configure the AD source
>> in PacketFence or have you joined your PacketFence server to your AD
>> domain?
>>
>> Can you paste the output of those commands (hiding the passwords):
>>
>> cat /usr/local/pf/conf/authentication.conf
>>
>> cat /usr/local/pf/conf/profiles.conf
>>
>> Thanks,
>>
>> Ludovic Zammit
>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu)
>> and PacketFence (http://packetfence.org)
>>
>> On 9 Feb 2016, at 12:22, Andy A <[email protected]> wrote:
>>
>> Hello.
>>
>> I am using PF 5.2 on CentOS 6.x in inline mode. We are using AD
>> integration and it works fine to get people on the internet with just a
>> small issue.
>> The AD doesn't require the user's domain password to sign-in to the
>> internet as long as the username is a valid child within the AD object
>> tree.
>>
>> So basically 'userA' and 'userB' can type 'password' as their password
>> and still be authenticated as the AD is not considering the password at
>> all.
>>
>> Is this a correct behaviour? Or have I missed a trick here and not
>> configured the AD properly?
>>
>> Thanks.
>> ------------------------------------------------------------------------------
>>
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users