Hello Adrian,
In my opinion it will be easier to have only one authentication source
but 3 rules.
Something like:
Base DN : OU=Utilisateurs,OU=Maquette,DC=NOVASYS,DC=LOCAL

* Name : Service_Auth
* Description : Service Users
* Contains : Everything
* condition: dn,contain,OU=Service,OU=Utilisateurs,OU=Maquette,DC=NOVASYS,DC=LOCAL
* Action : -Role : Service
           -Unregistration date : January 01 2020

* Name : Production_Auth
* Description : Service Users
* Contains : Everything
* condition: dn,contain,OU=Production,OU=Utilisateurs,OU=Maquette,DC=NOVASYS,DC=LOCAL
* Action : -Role : Production
           -Unregistration date : January 01 2020
...
and at the end a catch_all rule that returns the REJECT role.
Then in the connection profile with a filter Ethernet-EAP, check Autoregister.
This should be ok with that.
Also, as Nicolas says, can you share the packetfence.log file when the device
connects?
Thanks
Regards
Fabrice
On 19-02-19 at 08:33, Adrian Dessaigne via PacketFence-users wrote:
Hello Fabrice
I'm changing the name of the thread since this one is off topic from the previous
("Can't link PacketFence with AD server")
I have a new issue but I think it's from my configuration. I have 3 VLANs for users: "Production"
n°5, "Service" n°15 and "SAV" n°25.
In my AD, users are defined in OUs with the same names as the VLANs.
I want, for each authentication with an ID known in the AD, PacketFence to attribute
the role for this user and then throw it in the correct VLAN.
So, my sub interfaces are defined, 5 in total (Registration / Isolation /
Production / Service / SAV).
I have created 3 roles with the names of my user VLANs.
Then, I went into my Switch configuration (in PF) and defined the vlan ID on
the corresponding role:
Production : 5
Service : 15
SAV : 25
Finally, I have configured my authentication source.
I have 3 AD sources with the same configuration logic:
Base DN : OU=Service,OU=Utilisateurs,OU=Maquette,DC=NOVASYS,DC=LOCAL
(For the base DN, I've set the sub-OU of my users)
Authentication rules:
* Name : Service_Auth
* Description : Service Users
* Contains : Everything
* No condition (catch-all)
* Action : -Role : Service
           -Unregistration date : January 01 2020
Then I plug a new computer on the network, authenticate, and my computer is
still in the Registration VLAN. When I go on the device tab, I see my computer
recorded but the role is not defined, I have to set it manually.
Did I miss something?
Adrian
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users