Re: [PacketFence-users] Number of devices to connect to the network

Thu, 25 Jan 2018 04:14:44 -0800 

Three different ones ;)

IE 11, Firefox and Chrome.

 

From: Durand fabrice [mailto:fdur...@inverse.ca] 
Sent: Wednesday, January 24, 2018 6:25 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network

 

Weird, i am not able to reproduce it, wish browser are you using ?

Fabrice

 

Le 2018-01-23 à 03:10, E.P. a écrit :

I figured it out, Fabrice. Thanks for the ldapsearch tool guidance but it
was my haste as usual ;)

I set “Matches” parameter to “All” and it turned out that the reply for the
query against AD returned a membership in more than one group.

And of course this condition didn’t evaluate as true. I changed it to “Any”
and it is all good .

 

I guess Administration rule is not very important here but I found that the
value for the “Access level” doesn’t show and I tried it in two different
browsers:

 



 

Eugene

 

From: Durand fabrice [mailto:fdur...@inverse.ca] 
Sent: Monday, January 22, 2018 6:59 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network

 

Hello Eugene,

Use adsiedit.msc on the AD in order to have a ldap view of your AD and check
the exact attribute/values.

On my side i use ldapsearch to fix that sort of issue
(http://www.vinidox.com/ldap/querying-an-ldap-server-from-the-command-line-w
ith-ldap-utils-ldapsearch-ldapadd-ldapmodify/)

Regards

Fabrice

 

 

Le 2018-01-22 à 16:54, E.P. a écrit :

I’m observing a weird behavior while doing it, Fabrice.

I did create a rule that should match for just one condition, i.e. memberOf

 



 

The user I’m authenticating does belong to Users CN in AD and I can
authenticate normally, here’s the output of pftest authentication it.tech
XXXXXXX command

 



 

But for some reason rules are not matched. I even tried to set the condition
to distingishedName with value taken from AD

 



 

To be like this

 



 

 

What bothers me is that I don’t see any LDAP related details coming from AD
server while debugging radius and authenticating as it.tech user.

Could it be the source of the problem ?

 

Eugene

From: Durand fabrice [mailto:fdur...@inverse.ca] 
Sent: Friday, January 19, 2018 6:05 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network

 

In your AD authentication source, create a rule that match a staff group and
assign the staff role and an access duration. (memberof equal
cn=staff,dc=...)

Regards

Fabrice

 

 

 

Le 2018-01-17 à 01:07, E.P. a écrit :

Great!

That confirms my train of thought. But it is still not clear to me how will
it affect the user that authenticates against AD.

Yes, I have created a new role, called “staff” and yes, I have set a limit
of 2 devices for this role. 

Then, the end-user just connects to SSID, authenticates and gets on the
network. How would I assign the user to the “staff” role?

Is this where provisioners come to help ?

 

Eugene

 

From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Tuesday, January 16, 2018 6:42 AM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Number of devices to connect to the network

 

Hello Eugene,

this is exactly where you have to control that.

So just set a limit on the roles where you want to limit the number of
devices per users.

Regards

Fabrice

 

 

Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit :

It sounds close to the number of devices/nodes a user can register which is
configurable under Configuration-Policies and access control-Roles, but we
don’t allow this luxury to anyone yet. Just regular network admission
control based on the active AD account

 

From: E.P. [mailto:ype...@gmail.com] 
Sent: Monday, January 15, 2018 10:54 PM
To: packetfence-users@lists.sourceforge.net
Subject: Number of devices to connect to the network

 

Guys,

We are still at the early phases of PF deployment and only now looking into
AD based authentication for wireless devices

Is there any way to limit the number of user devices that can be connected
by one user?

Let’s say the user uses his/her laptop and roams around remote sites where
we provide WiFi with WPA2-Enterprise and we also allow him/her use the phone
(iPhone/Android). No more devices to connect

 

Eugene









----------------------------------------------------------------------------
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot









_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users








-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org) 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to