Im observing a weird behavior while doing it, Fabrice.
I did create a rule that should match for just one condition, i.e. memberOf
The user Im authenticating does belong to Users CN in AD and I can
authenticate normally, heres the output of pftest authentication it.tech
XXXXXXX command
But for some reason rules are not matched. I even tried to set the condition
to distingishedName with value taken from AD
To be like this
What bothers me is that I dont see any LDAP related details coming from AD
server while debugging radius and authenticating as it.tech user.
Could it be the source of the problem ?
Eugene
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Friday, January 19, 2018 6:05 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network
In your AD authentication source, create a rule that match a staff group and
assign the staff role and an access duration. (memberof equal
cn=staff,dc=...)
Regards
Fabrice
Le 2018-01-17 à 01:07, E.P. a écrit :
Great!
That confirms my train of thought. But it is still not clear to me how will
it affect the user that authenticates against AD.
Yes, I have created a new role, called staff and yes, I have set a limit
of 2 devices for this role.
Then, the end-user just connects to SSID, authenticates and gets on the
network. How would I assign the user to the staff role?
Is this where provisioners come to help ?
Eugene
From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, January 16, 2018 6:42 AM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Number of devices to connect to the network
Hello Eugene,
this is exactly where you have to control that.
So just set a limit on the roles where you want to limit the number of
devices per users.
Regards
Fabrice
Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit :
It sounds close to the number of devices/nodes a user can register which is
configurable under Configuration-Policies and access control-Roles, but we
dont allow this luxury to anyone yet. Just regular network admission
control based on the active AD account
From: E.P. [mailto:ype...@gmail.com]
Sent: Monday, January 15, 2018 10:54 PM
To: packetfence-users@lists.sourceforge.net
Subject: Number of devices to connect to the network
Guys,
We are still at the early phases of PF deployment and only now looking into
AD based authentication for wireless devices
Is there any way to limit the number of user devices that can be connected
by one user?
Lets say the user uses his/her laptop and roams around remote sites where
we provide WiFi with WPA2-Enterprise and we also allow him/her use the phone
(iPhone/Android). No more devices to connect
Eugene
----------------------------------------------------------------------------
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
