Three different ones ;)
IE 11, Firefox and Chrome.
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Wednesday, January 24, 2018 6:25 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network
Weird, i am not able to reproduce it, wish browser are you using ?
Fabrice
Le 2018-01-23 à 03:10, E.P. a écrit :
I figured it out, Fabrice. Thanks for the ldapsearch tool guidance but it
was my haste as usual ;)
I set Matches parameter to All and it turned out that the reply for the
query against AD returned a membership in more than one group.
And of course this condition didnt evaluate as true. I changed it to Any
and it is all good .
I guess Administration rule is not very important here but I found that the
value for the Access level doesnt show and I tried it in two different
browsers:
Eugene
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Monday, January 22, 2018 6:59 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network
Hello Eugene,
Use adsiedit.msc on the AD in order to have a ldap view of your AD and check
the exact attribute/values.
On my side i use ldapsearch to fix that sort of issue
(http://www.vinidox.com/ldap/querying-an-ldap-server-from-the-command-line-w
ith-ldap-utils-ldapsearch-ldapadd-ldapmodify/)
Regards
Fabrice
Le 2018-01-22 à 16:54, E.P. a écrit :
Im observing a weird behavior while doing it, Fabrice.
I did create a rule that should match for just one condition, i.e. memberOf
The user Im authenticating does belong to Users CN in AD and I can
authenticate normally, heres the output of pftest authentication it.tech
XXXXXXX command
But for some reason rules are not matched. I even tried to set the condition
to distingishedName with value taken from AD
To be like this
What bothers me is that I dont see any LDAP related details coming from AD
server while debugging radius and authenticating as it.tech user.
Could it be the source of the problem ?
Eugene
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Friday, January 19, 2018 6:05 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network
In your AD authentication source, create a rule that match a staff group and
assign the staff role and an access duration. (memberof equal
cn=staff,dc=...)
Regards
Fabrice
Le 2018-01-17 à 01:07, E.P. a écrit :
Great!
That confirms my train of thought. But it is still not clear to me how will
it affect the user that authenticates against AD.
Yes, I have created a new role, called staff and yes, I have set a limit
of 2 devices for this role.
Then, the end-user just connects to SSID, authenticates and gets on the
network. How would I assign the user to the staff role?
Is this where provisioners come to help ?
Eugene
From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, January 16, 2018 6:42 AM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Number of devices to connect to the network
Hello Eugene,
this is exactly where you have to control that.
So just set a limit on the roles where you want to limit the number of
devices per users.
Regards
Fabrice
Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit :
It sounds close to the number of devices/nodes a user can register which is
configurable under Configuration-Policies and access control-Roles, but we
dont allow this luxury to anyone yet. Just regular network admission
control based on the active AD account
From: E.P. [mailto:ype...@gmail.com]
Sent: Monday, January 15, 2018 10:54 PM
To: packetfence-users@lists.sourceforge.net
Subject: Number of devices to connect to the network
Guys,
We are still at the early phases of PF deployment and only now looking into
AD based authentication for wireless devices
Is there any way to limit the number of user devices that can be connected
by one user?
Lets say the user uses his/her laptop and roams around remote sites where
we provide WiFi with WPA2-Enterprise and we also allow him/her use the phone
(iPhone/Android). No more devices to connect
Eugene
----------------------------------------------------------------------------
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users