Hello, Your source is checking in the OU "computers". I think you need a other source for the users. Regards
Le mer. 24 juil. 2019 à 01:55, Helen Power via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Nicolas, > > I think I figured it out. I changed the filter from "member of" to "nested > group" and now it's working. > > Thank you very much for your help, > > > Helen > -----Original Message----- > From: Helen Power via PacketFence-users < > packetfence-users@lists.sourceforge.net> > Sent: Tuesday, July 23, 2019 1:35 PM > To: packetfence-users@lists.sourceforge.net > Cc: Helen Power <helen_po...@resourcepro.com> > Subject: Re: [PacketFence-users] Help! email is not allowed to sponsor > guest access > > Hi Nicolas, > > I did /usr/local/pf/bin/pftest authentication helen_power 'password' > Admin_Sponsor and get a reply like this: > > # > Testing authentication for "Helen_Power" > > Authenticating against 'Admin_Sponsor' in context 'admin' > Authentication SUCCEEDED against Admin_Sponsor (Authentication > successful.) > Did not match against Admin_Sponsor for 'authentication' rules > Did not match against Admin_Sponsor for 'administration' rules > > Authenticating against 'Admin_Sponsor' in context 'portal' > Authentication SUCCEEDED against Admin_Sponsor (Authentication > successful.) > Did not match against Admin_Sponsor for 'authentication' rules > Did not match against Admin_Sponsor for 'administration' rules # > > Related info in Authentication.conf: > [Admin_Sponsor] > cache_match=0 > read_timeout=10 > realms= > basedn=DC=x,DC=x,DC=com > monitor=1 > password=password > shuffle=0 > searchattributes= > scope=sub > email_attribute=mail > usernameattribute=sAMAccountName > connection_timeout=5 > binddn=CN=wirelessauth,OU=System Function Account,OU=Special > Account,DC=X,DC=X,DC=com encryption=none description=Group for sponsorship > for guests > port=389 > host=172.16.100.X > write_timeout=5 > type=AD > > [Admin_Sponsor rule Sponsorship] > action0=mark_as_sponsor=1 > condition0=memberOf,equals,CN=WirelessSponsorGlobal,OU=Special Security > Group,OU=Special Account,DC=X,DC=X,DC=com match=all class=administration > description=Global Tech, US_Cooperate and SDU manager > > I'm totally sure that my sponsor user belongs to the group > (WirelessSponosrGlobal) defined in the condition above. Like I mentioned in > the previous email, do you think my PF box not be able to re-join the > Active directory domain has anything to do with this issue? Or what do you > suggest me to do next? > > # > [root@packetfence PFdomain]# chroot /chroots/PFdomain wbinfo -u could not > obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not > obtain winbind domain name! > Error looking up domain users > > [root@packetfence PFdomain]# wbinfo -t > could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE > could not obtain winbind domain name! > checking the trust secret for domain (null) via RPC calls failed failed to > call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE Could not > check secret > > [root@pfence bin]# net ads info > ads_connect: No logon servers are currently available to service the logon > request. > ads_connect: No logon servers are currently available to service the logon > request. > Didn't find the ldap server! > # > > Domain.conf: > [Test] > > ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2)))) > registration=0 > ntlm_cache_expiry=3600 > dns_name=x.x.com > dns_servers=172.16.100.X > ou=Computers > ntlm_cache_on_connection=disabled > workgroup=abc0 > ntlm_cache_batch_one_at_a_time=disabled > sticky_dc=* > ad_server=172.16.100.X > ntlm_cache_batch=disabled > server_name=%h > > > Thank you very much for your help. > > > > > -----Original Message----- > From: Nicolas Quiniou-Briand via PacketFence-users < > packetfence-users@lists.sourceforge.net> > Sent: Tuesday, July 23, 2019 6:57 AM > To: packetfence-users@lists.sourceforge.net > Cc: Nicolas Quiniou-Briand <n...@inverse.ca> > Subject: Re: [PacketFence-users] Help! email is not allowed to sponsor > guest access > > Hello, > > On 2019-07-22 9:53 p.m., Helen Power via PacketFence-users wrote: > > We want to achieve guest self-registration feature via sponsor email. > > I defined one authentication source type to AD with action "Mark as > > sponsor" . However, when I use guest signup and put the sponsor email > > in then it says "Email XX is not allowed to sponsor guest access", > > which I'm sure the email address should can sponsor the guest access. > > Make a test with your sponsor user to see if the "Admin_Sponsor" rule > match: > > #v+ > pftest authentication YOUR_SPONSOR_USER_ID '' Admin_Sponsor > #v- > > In the output, you should see if your sponsor user match the rule and is > able to sponsor. > -- > Nicolas Quiniou-Briand > n...@inverse.ca :: +1.514.447.4918 *140 :: > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Finverse.ca&data=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523&sdata=SPsGndizpf0JPyqKEEqyMcOfuxDE6wIEfMJuWC9ExHs%3D&reserved=0 > Inverse inc. :: Leaders behind SOGo ( > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsogo.nu&data=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523&sdata=22daHDMxiTyCLYRGvk6M1aI3tLwlWQ4Ud3MPMjtqDJ4%3D&reserved=0), > PacketFence > ( > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpacketfence.org&data=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523&sdata=82vurVucopZKSoNQOfRL1f36RLdJ%2BhOvcLS6GVCkKEo%3D&reserved=0) > and Fingerbank ( > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Ffingerbank.org&data=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523&sdata=n%2B9jusgtbU%2FilF8LaTtsg%2FZztrjxzoBMo0lJsBVyM4M%3D&reserved=0 > ) > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523&sdata=PR7bX6UyJeoB1IoJ92%2FP5XUk8EWifqJaoT0vi5njZO4%3D&reserved=0 > This email (including any attachments) contains confidential information > intended for a specific individual and purpose. If you have received this > email in error please notify the sender immediately and delete this e-mail. > If you are not the intended recipient any disclosing, distributing, > copying, or taking any action based on this e-mail is strictly prohibited. > ReSource Pro, LLC. 60 E 42nd Street, Suite 1500 New York, NY 10165 > https://nam04.safelinks.protection.outlook.com/?url=www.resourcepro.com&data=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523&sdata=dgPPP5BPsq10VqAbperRHKxS6FOTCR5KeYpMFohQjsA%3D&reserved=0 > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523&sdata=PR7bX6UyJeoB1IoJ92%2FP5XUk8EWifqJaoT0vi5njZO4%3D&reserved=0 > This email (including any attachments) contains confidential information > intended for a specific individual and purpose. If you have received this > email in error please notify the sender immediately and delete this e-mail. > If you are not the intended recipient any disclosing, distributing, > copying, or taking any action based on this e-mail is strictly prohibited. > ReSource Pro, LLC. 60 E 42nd Street, Suite 1500 New York, NY 10165 > www.resourcepro.com > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
