Hello, I have tried to get the basic 802.1x config set up with PF, using the built-in roles/sources/etc. I am able to get the basic (AD user auths with 802.1x against AD, PF uses the "catch all" rule and assigns them the 'default' role & this role is defined with the switch to a particular VLAN).
The issue now comes in when I want to assign a particular role based on the AD account group membership (AD user = alpha -> alpha vlan, AD user = bravo -> bravo vlan). I have set up 2 new rules within the auth source above the "catch all" rule. I have validated the order is correct within the authentication.conf file too. No matter what options I have tried to configure for groupmembership or memberof within the rule, it will always bypass these conditions and use the "catch all" rule and assign the "default" role.

Authentication.conf:

[mydomain]
read_timeout=10
realms=null,mydomain.inc
basedn=DC=mydomain,DC=inc
monitor=1
password=%something%
searchattributes=
set_access_durations_action=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=1
binddn=svc_nacadread
encryption=none
description=mydomain.inc Domain
port=389
host=10.10.80.1,10.10.80.2
write_timeout=5
type=AD
set_access_level_action=
cache_match=0
shuffle=0

[mydomain rule TOR0_8021x_wired_BRAVO]
action0=set_role=TOR0_8021x_BRAVO
condition0=memberOf:1.2.840.113556.1.4.1941:,contains,SG_Universal_TOR0_Wired8021x_BRAVO
match=all
class=authentication
action1=set_access_duration=1h

[mydomain rule TOR0_8021x_wired_ALPHA]
action0=set_role=TOR0_8021x_ALPHA
condition0=groupMembership,is member of,SG_Universal_TOR0_Wired8021x_ALPHA
match=all
class=authentication
action1=set_access_duration=1h

[thinkon rule catchall]
action0=set_role=default
match=all
class=authentication
action1=set_access_duration=1h

[file1 rule admins]
description=All admins
class=administration
match=all
action0=set_access_level=ALL

Thanks
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users