Hello Eugene,

Use adsiedit.msc on the AD in order to have an LDAP view of your AD and check the exact attribute/values.

On my side I use ldapsearch to fix that sort of issue (http://www.vinidox.com/ldap/querying-an-ldap-server-from-the-command-line-with-ldap-utils-ldapsearch-ldapadd-ldapmodify/).

Regards

Fabrice



On 2018-01-22 at 16:54, E.P. wrote:

I’m observing a weird behavior while doing it, Fabrice.

I did create a rule that should match for just one condition, i.e. memberOf

The user I’m authenticating does belong to Users CN in AD and I can authenticate normally, here’s the output of pftest authentication it.tech XXXXXXX command

But for some reason rules are not matched. I even tried to set the condition to distinguishedName with value taken from AD

To be like this

What bothers me is that I don’t see any LDAP related details coming from AD server while debugging radius and authenticating as it.tech user.

Could it be the source of the problem?

Eugene

*From:*Durand fabrice [mailto:[email protected]]
*Sent:* Friday, January 19, 2018 6:05 PM
*To:* E.P.; [email protected]
*Subject:* Re: [PacketFence-users] Number of devices to connect to the network

In your AD authentication source, create a rule that matches a staff group and assign the staff role and an access duration. (memberof equal cn=staff,dc=...)

Regards

Fabrice

On 2018-01-17 at 01:07, E.P. wrote:

    Great!

    That confirms my train of thought. But it is still not clear to me
    how will it affect the user that authenticates against AD.

    Yes, I have created a new role, called “staff” and yes, I have set
    a limit of 2 devices for this role.

    Then, the end-user just connects to SSID, authenticates and gets
    on the network. How would I assign the user to the “staff” role?

    Is this where provisioners come to help?

    Eugene

    *From:*Fabrice Durand via PacketFence-users
    [mailto:[email protected]]
    *Sent:* Tuesday, January 16, 2018 6:42 AM
    *To:* [email protected]
    <mailto:[email protected]>
    *Cc:* Fabrice Durand
    *Subject:* Re: [PacketFence-users] Number of devices to connect to
    the network

    Hello Eugene,

    This is exactly where you have to control that.

    So just set a limit on the roles where you want to limit the
    number of devices per user.

    Regards

    Fabrice

    On 2018-01-16 at 02:01, E.P. via PacketFence-users wrote:

        It sounds close to the number of devices/nodes a user can
        register which is configurable under Configuration-Policies
        and access control-Roles, but we don’t allow this luxury to
        anyone yet. Just regular network admission control based on
        the active AD account

        *From:*E.P. [mailto:[email protected]]
        *Sent:* Monday, January 15, 2018 10:54 PM
        *To:* [email protected]
        <mailto:[email protected]>
        *Subject:* Number of devices to connect to the network

        Guys,

        We are still at the early phases of PF deployment and only now
        looking into AD based authentication for wireless devices

        Is there any way to limit the number of user devices that can
        be connected by one user?

        Let’s say the user uses his/her laptop and roams around remote
        sites where we provide WiFi with WPA2-Enterprise and we also
        allow him/her use the phone (iPhone/Android). No more devices
        to connect

        Eugene





        




--
    Fabrice Durand

    [email protected] <mailto:[email protected]>  ::  +1.514.447.4918 (x135) 
::www.inverse.ca <http://www.inverse.ca>

    Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
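
The check suggested in this thread (compare what AD actually returns for an attribute with the value typed into the source rule), as an added example that is not from the thread or from PacketFence: it parses LDIF as printed by ldapsearch and reports whether a rule value matches a `memberOf` value exactly, only after case/whitespace normalization, or not at all. The sample LDIF, the `example.com` DNs and the function names are constructed for illustration, and treating an exact string match as the strictest case is an assumption, since the thread does not say how the rule comparison is performed.

```python
import base64

# Constructed sample of ldapsearch output (LDIF); every name and DN is made up.
SAMPLE_LDIF = (
    "dn: CN=it.tech,CN=Users,DC=example,DC=com\n"
    "memberOf: CN=Staff,OU=Groups,DC=example,DC=com\n"
    "memberOf: CN=Wireless Users,OU=Groups,DC=exam\n"
    " ple,DC=com\n"  # folded line: continuation starts with one space
    "memberOf:: "    # '::' marks a base64 value (used for non-ASCII DNs)
    + base64.b64encode("CN=Équipe,OU=Groups,DC=example,DC=com".encode()).decode()
    + "\n"
)


def ldif_values(ldif, attribute):
    """Return every value of `attribute`, unfolding lines and decoding base64."""
    values = []
    for line in ldif.replace("\n ", "").splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attribute.lower():
            continue
        if rest.startswith(":"):
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' (escaped commas not handled)."""
    rdns = (rdn.split("=", 1) for rdn in dn.lower().split(","))
    return ",".join("=".join(part.strip() for part in rdn) for rdn in rdns)


def check_rule(ldif, rule_value, attribute="memberOf"):
    """Classify rule_value as 'exact', 'normalized-only' or 'no-match'."""
    values = ldif_values(ldif, attribute)
    if rule_value in values:
        return "exact"
    if normalize_dn(rule_value) in {normalize_dn(v) for v in values}:
        return "normalized-only"
    return "no-match"


if __name__ == "__main__":
    for rule in ("CN=Staff,OU=Groups,DC=example,DC=com",
                 "cn=staff, ou=groups, dc=example, dc=com",
                 "CN=Users,DC=example,DC=com"):  # container from the dn, not a group
        print(f"{check_rule(SAMPLE_LDIF, rule):16} {rule}")
```

A "normalized-only" result means the rule value differs from the directory value in case or spacing; "no-match" means the value is not among the account's `memberOf` entries at all.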

