Hi Ludovic, thanks for the explanation. I re-checked my config and all was correctly configured. Today I found the issue: my second domain is longer than the principal one and the username for machine authentication exceeds the MS limit (host/MY_PC_WITH_LONG_NAME.mysecond_domain.local). By renaming the COMPUTER NAME with a shorter value all is working now.

I was looking at the wrong side because the error message isn't clear (it seems like a general auth issue). Is there some workaround to avoid renaming the PC?

Enrico.

On 02/08/19 13:52, Ludovic Zammit wrote:

> Hello Enrico,
>
> You have to create a realm with your domainName.local and enable “Strip in RADIUS authorization”, then on your connection profile you will need an AD source with the “Username Attribute” with sAMAccountName and servicePrincipalName.
>
> It will allow you to authenticate users and computers.
>
> Thanks,
>
> On Aug 2, 2019, at 6:53 AM, Enrico Pasqualotto via PacketFence-users wrote:
>
>> Hi all,
>>
>> I have two domains:
>>
>> mydomain1.local
>> mydomain2.local
>>
>> configured with their REALM (MYDOMAIN1 & MYDOMAIN2), and all user auth is working well over RADIUS + Active-Directory. Machine_authentication is working well for domain1.local because I have set the domain in the REALM NULL & DEFAULT.
>>
>> The machine auth username comes in this format:
>>
>> host/$PCNAME$.mydomainX.local
>>
>> How can I manage the machine auth for multiple domains? I've tried to add a new REALM mydomain2.local but it doesn't work.
>>
>> Can anyone point me to the right configuration? How is the REALM retrieved on machine_auth?
>>
>> Thanks
>>
>> --
>> Enrico Pasqualotto
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
