We map ours to AD Groups. We created an AD authentication source, joined the
domain, added an Authentication Rule for each Role that AD is going to
authenticate. For devices that don’t authenticate with AD, (ie printers, IP
phones, etc) we set up auto registration by setting up a violation that checks
their mac address and assigns then a role.
Regards,
Peter
From: Timothy Mullican via PacketFence-users
[mailto:[email protected]]
Sent: Wednesday, February 7, 2018 3:04 PM
To: [email protected]
Cc: Timothy Mullican <[email protected]>
Subject: [PacketFence-users] Role Assignment (G Suite/SAML)
All,
I am trying to implement PacketFence on my network. I have added G Suite and
SAML as an authentication method and that works. The problem I have is that we
have several departments that operate on different VLANs. Is it possible to use
certain attributes from a SAML source to determine the user's role (VLAN)? I
can return a SAML attribute containing the user's group, but I don't think
PacketFence supports using this out of the box to determine their role. Then I
could manually map the returned group to a role in PacketFence. If not, how do
you assign roles for users? Active Directory groups?
Currently we have several SSIDs that are each mapped to specific VLANs. Then
the user connects to a a specific SSID to get on a specific VLAN. Greatly
appreciate any feedback.
Thank you,
Tim
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
