Hello Christian,

What you can do is follow this:

https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Installation_Guide.asciidoc#advanced-access-configuration

As you can see in the example, you can distinguish between the domain-joined device and the BYOD device.

So the logic is the following:

Create 2 authentication sources, one for TRUSTED and another one for UNTRUSTED devices, and make the correct rules.

After that, create 2 connection profiles: one for TRUSTED (match a device that did machine authentication in a previous connection and connects on SSID Secure) and assign the TRUSTED source to it, and another connection profile for UNTRUSTED (match a device that does user authentication and never did machine authentication on a secure SSID) and assign the UNTRUSTED authentication source to it.

Don't forget to enable autoregistration on both connection profiles.

You should be good with that.

Regards

Fabrice


On 19-11-18 at 14:50, Christian McDonald via PacketFence-users wrote:
Greetings,

I have a simple authentication source for domain-joined Windows machines that uses the servicePrincipalName. This works great. I know that I can do single sign-on via GPO, which will cause the machine to re-authenticate using the sAMAccountName after user logon... so, at the logon screen, the servicePrincipalName is used, and once a user logs in, the sAMAccountName is used.

However, I'd like to push users onto different VLANs based on whether they log in via a domain-joined machine versus a BYOD machine (i.e. non-domain-joined).

So the operational logic would be:

If machine is domain-joined and user is a memberOf yourFavoriteGroup then role TRUSTED.
If machine is *not* domain-joined and user is a memberOf yourFavoriteGroup then role UNTRUSTED.

Any ideas?

Best,

Christian


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users