Ok in this case fill an issue on github
https://github.com/inverse-inc/packetfence/issues
Le 2018-01-25 à 03:02, E.P. a écrit :
>
> Three different ones ;)
>
> IE 11, Firefox and Chrome.
>
>
>
> *From:*Durand fabrice [mailto:[email protected]]
> *Sent:* Wednesday, January 24, 2018 6:25 PM
> *To:* E.P.; [email protected]
> *Subject:* Re: [PacketFence-users] Number of devices to connect to the
> network
>
>
>
> Weird, i am not able to reproduce it, wish browser are you using ?
>
> Fabrice
>
>
>
> Le 2018-01-23 à 03:10, E.P. a écrit :
>
> I figured it out, Fabrice. Thanks for the ldapsearch tool guidance
> but it was my haste as usual ;)
>
> I set “Matches” parameter to “All” and it turned out that the
> reply for the query against AD returned a membership in more than
> one group.
>
> And of course this condition didn’t evaluate as true. I changed it
> to “Any” and it is all good .
>
>
>
> I guess Administration rule is not very important here but I found
> that the value for the “Access level” doesn’t show and I tried it
> in two different browsers:
>
>
>
>
>
> Eugene
>
>
>
> *From:*Durand fabrice [mailto:[email protected]]
> *Sent:* Monday, January 22, 2018 6:59 PM
> *To:* E.P.; [email protected]
> <mailto:[email protected]>
> *Subject:* Re: [PacketFence-users] Number of devices to connect to
> the network
>
>
>
> Hello Eugene,
>
> Use adsiedit.msc on the AD in order to have a ldap view of your AD
> and check the exact attribute/values.
>
> On my side i use ldapsearch to fix that sort of issue
>
> (http://www.vinidox.com/ldap/querying-an-ldap-server-from-the-command-line-with-ldap-utils-ldapsearch-ldapadd-ldapmodify/)
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2018-01-22 à 16:54, E.P. a écrit :
>
> I’m observing a weird behavior while doing it, Fabrice.
>
> I did create a rule that should match for just one condition,
> i.e. memberOf
>
>
>
>
>
> The user I’m authenticating does belong to Users CN in AD and
> I can authenticate normally, here’s the output of pftest
> authentication it.tech XXXXXXX command
>
>
>
>
>
> But for some reason rules are not matched. I even tried to set
> the condition to distingishedName with value taken from AD
>
>
>
>
>
> To be like this
>
>
>
>
>
>
>
> What bothers me is that I don’t see any LDAP related details
> coming from AD server while debugging radius and
> authenticating as it.tech user.
>
> Could it be the source of the problem ?
>
>
>
> Eugene
>
> *From:*Durand fabrice [mailto:[email protected]]
> *Sent:* Friday, January 19, 2018 6:05 PM
> *To:* E.P.; [email protected]
> <mailto:[email protected]>
> *Subject:* Re: [PacketFence-users] Number of devices to
> connect to the network
>
>
>
> In your AD authentication source, create a rule that match a
> staff group and assign the staff role and an access duration.
> (memberof equal cn=staff,dc=...)
>
> Regards
>
> Fabrice
>
>
>
>
>
>
>
> Le 2018-01-17 à 01:07, E.P. a écrit :
>
> Great!
>
> That confirms my train of thought. But it is still not
> clear to me how will it affect the user that authenticates
> against AD.
>
> Yes, I have created a new role, called “staff” and yes, I
> have set a limit of 2 devices for this role.
>
> Then, the end-user just connects to SSID, authenticates
> and gets on the network. How would I assign the user to
> the “staff” role?
>
> Is this where provisioners come to help ?
>
>
>
> Eugene
>
>
>
> *From:*Fabrice Durand via PacketFence-users
> [mailto:[email protected]]
> *Sent:* Tuesday, January 16, 2018 6:42 AM
> *To:* [email protected]
> <mailto:[email protected]>
> *Cc:* Fabrice Durand
> *Subject:* Re: [PacketFence-users] Number of devices to
> connect to the network
>
>
>
> Hello Eugene,
>
> this is exactly where you have to control that.
>
> So just set a limit on the roles where you want to limit
> the number of devices per users.
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit :
>
> It sounds close to the number of devices/nodes a user
> can register which is configurable under
> Configuration-Policies and access control-Roles, but
> we don’t allow this luxury to anyone yet. Just regular
> network admission control based on the active AD account
>
>
>
> *From:*E.P. [mailto:[email protected]]
> *Sent:* Monday, January 15, 2018 10:54 PM
> *To:* [email protected]
> <mailto:[email protected]>
> *Subject:* Number of devices to connect to the network
>
>
>
> Guys,
>
> We are still at the early phases of PF deployment and
> only now looking into AD based authentication for
> wireless devices
>
> Is there any way to limit the number of user devices
> that can be connected by one user?
>
> Let’s say the user uses his/her laptop and roams
> around remote sites where we provide WiFi with
> WPA2-Enterprise and we also allow him/her use the
> phone (iPhone/Android). No more devices to connect
>
>
>
> Eugene
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's
> most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
>
>
>
>
> _______________________________________________
>
> PacketFence-users mailing list
>
> [email protected]
> <mailto:[email protected]>
>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
>
>
> --
>
> Fabrice Durand
>
> [email protected] <mailto:[email protected]> ::
> +1.514.447.4918 (x135) :: www.inverse.ca <http://www.inverse.ca>
>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)
>
>
>
>
>
>
>
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
