Greetings, I have a simple authentication source for domain-joined Windows machines that uses the servicePrincipalName. This works great. I know that I can do single sign on via GPO which will cause the machine to re-authenticate using the sAMAccountName after user logon...so, at the logon screen, the servicePrincipalName is used and once a user logins the sAMAccountName is used.
However, I'd like to push users onto different VLANs based on whether they login via a domain-joined machine verses a BYOD machine (i.e. non-domain joined). So the operational logic would be: If machine is domain-joined and user is a memberOf yourFavoriteGroup then role TRUSTED If machine is *not *domain-joined and user is a memberOf yourFavoriteGroup then role UNTRUSTED. Any ideas? Best, Christian
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
