Of course I checked "Use stripped username" and added "strip to the
realm option.
Il 02/08/2017 15:26, Cristian Mammoli via PacketFence-users ha scritto:
Hi, in my POC I'm trying the following setup:
If a computer does not support 802.1x should be presented with the
captive portal where the user can register the device, access the
production network and join the domain
Once joined 802.1x is configured and enabled via GPO.
With 802.1x enabled the user should not be presented with the portal
and the device should be autoregistered
The problem is that if I register the device with the portal the
username format is just "username". If I autoregister a 802.1x capable
device the user format is DOMAIN\username. A s I consequence I have
"duplicate" usernames
Furthermore the powershell scripts specified in the "Active Directory
Integration" section of the admin guide try to deregister devices
owned by "user", not "DOMAIN\user"
[gruppoapra-macauth]
filter_match_style=all
locale=
filter=connection_type:WIRED_MAC_AUTH,switch_group:switch-jesi-accesso
description=Gruppo Apra MAC Authentication
sources=gruppoapra-auth,email,sponsor,sms
redirecturl=http://www.apra.it/
logo=/common/logo_apra.jpg
root_module=apra_root_portal_policy
[gruppoapra-dot1x]
filter_match_style=all
locale=
filter=switch_group:switch-jesi-accesso,connection_type:Ethernet-EAP
description=Gruppo Apra 802.1x
sources=gruppoapra-auth
reuse_dot1x_credentials=enabled
autoregister=enabled
redirecturl=http://www.apra.it/
logo=/common/logo_apra.jpg
root_module=apra_root_portal_policy
--
Mammoli Cristian
System administrator
T. +39 0731 22911
Via Brodolini 6 | 60035 Jesi (an)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
