[root@srvpf conf]# cat domain.conf
# domain.conf: Active Directory domain join and NTLM cache settings for the APRA domain.
# bind_dn and bind_pass are masked in this paste; in the live file they are clear-text
# credentials, so file permissions should restrict it to the PacketFence service.
[APRA]
# LDAP filter choosing which accounts are cached: objects with a samAccountName, minus
# locked-out accounts and accounts whose userAccountControl has the value-2 flag
# (ACCOUNTDISABLE) set, tested with the bitwise-AND matching rule 1.2.840.113556.1.4.803.
# NOTE(review): the lockout clause is spelled "=>"; RFC 4515 writes greater-or-equal as
# ">=", so this may be evaluated as an equality test on the literal ">0" - confirm that
# locked-out accounts really are excluded from the cache.
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2))))
ntlm_cache=enabled
registration=1
# 2592000 = 30 x 86400; presumably seconds, i.e. cached entries live for 30 days - confirm.
# NOTE(review): check whether an account disabled or reset in AD stays valid from the
# cache until this expiry is reached.
ntlm_cache_expiry=2592000
dns_name=APRA.IT
dns_servers=192.168.0.7,192.168.0.76
ou=Computers
ntlm_cache_on_connection=enabled
workgroup=APRA
ntlm_cache_batch_one_at_a_time=disabled
# Wildcards: presumably any domain controller may be used - confirm.
sticky_dc=*
ad_server=*
ntlm_cache_batch=enabled
server_name=%h
# Names the authentication.conf source whose bind account populates the cache.
ntlm_cache_source=apra-user-auth-dc01
bind_pass=xxxxxxxxxxxxxx
bind_dn=xxxxxxxxxxxxxx
status=enabled
# NOTE(review): 0 leaves NTLMv2-only mode off; confirm this matches the domain
# controllers' LAN Manager authentication level and that weaker NTLM variants are not accepted.
ntlmv2_only=0
[root@srvpf conf]# cat authentication.conf
# authentication.conf: built-in SQL-backed source for local user accounts.
# No rule section for this source appears in the paste.
[local]
description=Local Users
type=SQL
realms=null
dynamic_routing_module=AuthModule
# Guest self-registration by SMS ("Registrazione SMS" = SMS registration).
# A 6-digit PIN is sent in the message and the activation window is 10m.
[sms]
description=Registrazione SMS
sms_carriers=100999
type=SMS
# No local account is created, so the password_length / hash_passwords values below
# presumably only matter if create_local_account is switched on - confirm.
create_local_account=no
set_access_level_action=
local_account_logins=0
pin_code_length=6
dynamic_routing_module=AuthModule
sms_activation_timeout=10m
message=PIN: $pin
password_length=8
hash_passwords=bcrypt
set_access_durations_action=
local_account_expiration=0s
# Rule without conditions: every SMS registration gets the guest role for 1D.
[sms rule catchall]
action0=set_role=guest
status=enabled
match=all
class=authentication
action1=set_access_duration=1D
# Guest self-registration by e-mail ("Registrazione E-mail"); activation link valid 10m.
[email]
description=Registrazione E-mail
email_activation_timeout=10m
type=Email
# presumably blocks registration with addresses in the organisation's own mail
# domain, keeping staff off the guest path - confirm.
allow_localdomain=no
create_local_account=no
set_access_level_action=
local_account_logins=0
dynamic_routing_module=AuthModule
password_length=8
hash_passwords=bcrypt
local_account_expiration=0s
# Rule without conditions: every e-mail registration gets the guest role for 1D.
[email rule catchall]
action0=set_role=guest
match=all
class=authentication
action1=set_access_duration=1D
status=enabled
# Sponsored guest registration ("Registrazione Sponsor"): a sponsor approves the request
# by e-mail within 30m. sponsorship_bcc is masked in this paste.
[sponsor]
description=Registrazione Sponsor
type=SponsorEmail
allow_localdomain=yes
create_local_account=no
set_access_level_action=
local_account_logins=0
sponsorship_bcc=xxxxxxxx
email_activation_timeout=30m
# Sponsor addresses are validated; who counts as a sponsor is decided by the
# mark_as_sponsor=1 actions in the administration rules of the AD sources.
validate_sponsor=yes
dynamic_routing_module=AuthModule
password_length=8
lang=
hash_passwords=bcrypt
sources=
register_on_activation=disabled
local_account_expiration=0s
# Rule without conditions: every sponsored registration gets the consultants role for 7D.
[sponsor rule catchall]
action0=set_role=consultants
match=all
class=authentication
action1=set_access_duration=7D
status=enabled
# Null source: registration with no e-mail address required.
# NOTE(review): presumably no credential is verified by this source at all, so the
# catchall rule below is the only control on what such devices receive - confirm.
[null]
description=Null Source
type=Null
email_required=no
set_access_level_action=
dynamic_routing_module=AuthModule
# Rule without conditions: every Null-source registration gets the guest role for 1D.
[null rule catchall]
action0=set_role=guest
match=all
class=authentication
action1=set_access_duration=1D
description=catchall
status=enabled
# OAuth2 guest registration through Facebook ("Registrazione Facebook").
# client_secret is masked in this paste; client_id and redirect_url are not.
[facebook]
create_local_account=no
access_token_param=access_token
client_secret=xxxxxxxxxxxxxxxxxxxxxxxxxxx
access_token_path=/oauth/access_token
set_access_level_action=
protected_resource_url=https://graph.facebook.com/me?fields=id,name,email,first_name,last_name
scope=email
local_account_logins=0
client_id=700428460151401
description=Registrazione Facebook
# presumably the hosts unregistered devices may reach so the login page can load.
# NOTE(review): the wildcards cover whole CDN namespaces (*.akamaihd.net, *.akamaiedge.net,
# *.edgekey.net, *.akamai.net), which is far broader than Facebook itself - confirm the
# list is still needed in full.
domains=*.facebook.com,*.fbcdn.net,*.akamaihd.net,*.akamaiedge.net,*.edgekey.net,*.akamai.net
site=https://graph.facebook.com
redirect_url=https://nac.apra.it/oauth2/callback
type=Facebook
dynamic_routing_module=AuthModule
password_length=8
hash_passwords=bcrypt
local_account_expiration=0s
# Rule without conditions: every Facebook login gets the guest role for 1D.
[facebook rule catchall]
action0=set_role=guest
match=all
class=authentication
action1=set_access_duration=1D
status=enabled
# AD/LDAP source for machine (computer account) authentication.
# Lookups bind as cn=packetfence with a clear-text password (masked in this paste) and
# search the whole dc=apra,dc=it subtree by servicePrincipalName.
[apra-machine-auth-dc01]
cache_match=0
realms=apra,apra.it,default,null
basedn=dc=apra,dc=it
password=xxxxxxxxxxxxxxxxxx
set_access_level_action=
scope=sub
email_attribute=mail
usernameattribute=servicePrincipalName
connection_timeout=5
binddn=cn=packetfence,cn=Users,dc=apra,dc=it
# StartTLS on the plain LDAP port: the bind password is only protected if the upgrade
# succeeds and the server certificate is verified.
# NOTE(review): certificate verification settings are not visible here - confirm.
encryption=starttls
port=389
description=Apra Machine authentication
host=192.168.0.7,192.168.0.76
type=AD
read_timeout=10
write_timeout=5
monitor=1
dynamic_routing_module=AuthModule
shuffle=1
searchattributes=
set_access_durations_action=
dead_duration=60
# Rule without conditions: any identity found in this source gets the machineauth role
# for 10Y. The rule name suggests domain computers, but no group or OU is checked.
[apra-machine-auth-dc01 rule DomainComputers]
action0=set_role=machineauth
status=enabled
match=all
class=authentication
action1=set_access_duration=10Y
# AD/LDAP source for user authentication; domain.conf names it as ntlm_cache_source.
# Same bind account and servers as the machine source, but users are looked up by
# sAMAccountName. The bind password is masked in this paste.
[apra-user-auth-dc01]
cache_match=0
realms=apra,apra.it,default,null
basedn=dc=apra,dc=it
password=xxxxxxxxxxxxxxxxxx
set_access_level_action=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
# NOTE(review): if this account also feeds the NTLM cache it presumably needs elevated
# directory rights - confirm it is dedicated to PacketFence and scoped as narrowly as possible.
binddn=cn=packetfence,cn=Users,dc=apra,dc=it
# StartTLS on port 389; certificate verification settings are not visible here - confirm.
encryption=starttls
port=389
description=Apra User authentication
host=192.168.0.7,192.168.0.76
type=AD
read_timeout=10
write_timeout=5
monitor=1
dynamic_routing_module=AuthModule
shuffle=1
searchattributes=
set_access_durations_action=
dead_duration=60
# Administration rule: grants access level ALL and sponsor rights.
# match=any means either condition alone is enough: membership of the "Apra Admins"
# group, or simply being the account named nms.
# NOTE(review): the nms exception bypasses group membership - confirm that account is
# still required and is protected like any other administrator.
[apra-user-auth-dc01 rule Administrator]
action0=set_access_level=ALL
condition0=memberOf,equals,CN=Apra Admins,OU=Admins,OU=Utenti,DC=apra,DC=it
status=enabled
match=any
condition1=sAMAccountName,equals,nms
class=administration
action1=mark_as_sponsor=1
# Administration rule without conditions: every user of this source who is not matched
# by an earlier administration rule is marked as a sponsor.
# NOTE(review): that lets any directory user approve sponsored guest access - confirm intended.
[apra-user-auth-dc01 rule Sponsors]
action0=mark_as_sponsor=1
status=enabled
match=all
class=administration
# The single account named voice gets the voice role for 10Y.
[apra-user-auth-dc01 rule Voice]
action0=set_role=voice
condition0=sAMAccountName,equals,voice
status=enabled
match=all
class=authentication
action1=set_access_duration=10Y
# Members of the Tecnici group get the staff_it role for 10Y.
[apra-user-auth-dc01 rule Staff_IT]
action0=set_role=staff_it
condition0=memberOf,equals,CN=Tecnici,OU=Gruppi apra,OU=Utenti,DC=apra,DC=it
status=enabled
match=all
class=authentication
action1=set_access_duration=10Y
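# Members of the PF-Adiacent group get the adiacent role for 10Y.
[apra-user-auth-dc01 rule Adiacent]
action0=set_role=adiacent
# The pasted value was split after "OU=Utenti", most likely by mail line wrapping, and is
# rejoined here with a single space. Left split, the second half would read as a separate
# key and the group DN would be truncated, so the condition would likely never match.
# Confirm the exact DN against the live file.
condition0=memberOf,equals,CN=PF-Adiacent,OU=Utenti Adiacent,OU=Utenti,DC=apra,DC=it
status=enabled
match=all
class=authentication
action1=set_access_duration=10Y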
# Authentication rule without conditions: any user of this source not matched by an
# earlier authentication rule gets the employees role for 10Y.
# NOTE(review): a 10Y duration means access is effectively never re-evaluated by expiry;
# confirm that leavers are removed by another mechanism.
[apra-user-auth-dc01 rule Employees]
action0=set_role=employees
status=enabled
match=all
class=authentication
action1=set_access_duration=10Y
# NOTE(review): no [apra-vpn-auth] or [apra-vpn-auth-dc01] source section appears in this
# paste; the rules below are either trimmed context or leftovers of deleted sources - confirm.
# Rule without conditions assigning the REJECT role.
[apra-vpn-auth rule vpn_Apra]
action0=set_role=REJECT
match=all
class=authentication
action1=set_access_duration=1D
status=enabled
# Rule named "test", without conditions, granting the employees role for 10Y.
# NOTE(review): an enabled test rule with a catch-all grant should be removed or disabled
# if its source can ever be re-created.
[apra-vpn-auth-dc01 rule test]
action0=set_role=employees
match=all
class=authentication
action1=set_access_duration=10Y
status=enabled
# NOTE(review): no [apra-user-auth-ntlm-sync] source section appears in this paste - confirm
# whether these rules are still attached to a live source.
# Administration rule: members of Tecnici get access level ALL and sponsor rights. This
# differs from apra-user-auth-dc01, where ALL is tied to the "Apra Admins" group.
[apra-user-auth-ntlm-sync rule Administrator]
action0=set_access_level=ALL
condition0=memberOf,equals,CN=Tecnici,OU=Gruppi apra,OU=Utenti,DC=apra,DC=it
match=all
class=administration
action1=mark_as_sponsor=1
status=enabled
# Administration rule without conditions: every remaining user is marked as a sponsor.
[apra-user-auth-ntlm-sync rule Sponsors]
action0=mark_as_sponsor=1
match=all
class=administration
status=enabled
# Members of Tecnici get the staff_it role until the fixed date 2030-01-01.
[apra-user-auth-ntlm-sync rule Staff_IT]
action0=set_role=staff_it
condition0=memberOf,equals,CN=Tecnici,OU=Gruppi apra,OU=Utenti,DC=apra,DC=it
match=all
class=authentication
action1=set_unreg_date=2030-01-01
status=enabled
# Rule without conditions: every remaining user gets the employees role until 2030-01-01.
[apra-user-auth-ntlm-sync rule Employees]
action0=set_role=employees
match=all
class=authentication
action1=set_unreg_date=2030-01-01
status=enabled
# NOTE(review): no [apra-user-auth-dc02] or [apra-machine-auth-dc02] source section appears
# in this paste - confirm whether these rules are still attached to a live source.
# Administration rule: members of Tecnici get access level ALL and sponsor rights.
[apra-user-auth-dc02 rule Administrator]
action0=set_access_level=ALL
condition0=memberOf,equals,CN=Tecnici,OU=Gruppi apra,OU=Utenti,DC=apra,DC=it
match=all
class=administration
action1=mark_as_sponsor=1
status=enabled
# Administration rule without conditions: every remaining user is marked as a sponsor.
[apra-user-auth-dc02 rule Sponsors]
action0=mark_as_sponsor=1
match=all
class=administration
status=enabled
# Members of Tecnici get the staff_it role.
# NOTE(review): the unregistration date 2017-10-18 precedes the date of this e-mail
# (30/04/2021), unlike the 2030-01-01 used by the sibling rules - presumably stale; confirm.
[apra-user-auth-dc02 rule Staff_IT]
action0=set_role=staff_it
condition0=memberOf,equals,CN=Tecnici,OU=Gruppi apra,OU=Utenti,DC=apra,DC=it
match=all
class=authentication
action1=set_unreg_date=2017-10-18
status=enabled
# Rule without conditions: every remaining user gets the employees role until 2030-01-01.
[apra-user-auth-dc02 rule Employees]
action0=set_role=employees
match=all
class=authentication
action1=set_unreg_date=2030-01-01
status=enabled
# Rule without conditions: any identity in the dc02 machine source gets the machineauth
# role until 2030-01-01.
[apra-machine-auth-dc02 rule DomainComputers]
action0=set_role=machineauth
match=all
class=authentication
action1=set_unreg_date=2030-01-01
status=enabled
# NOTE(review): no [apra-user-auth] or [apra-machine-auth] source section appears in this
# paste - confirm whether these rules are still attached to a live source.
# Administration rule without conditions: every user of the source is marked as a sponsor.
# Being listed first, it presumably matches before the Administrators rule below - confirm
# the evaluation order.
[apra-user-auth rule Sponsorship]
action0=mark_as_sponsor=1
match=all
class=administration
status=enabled
# Administration rule granting access level ALL.
# NOTE(review): "contains,Tecnici" is a substring test on memberOf, so any group whose DN
# merely contains that text qualifies; the other sources use "equals" with the full DN.
[apra-user-auth rule Administrators]
action0=set_access_level=ALL
condition0=memberOf,contains,Tecnici
match=all
class=administration
status=enabled
# Rule without conditions: every user gets the employees role until 2030-01-01.
[apra-user-auth rule Employees]
action0=set_role=employees
match=all
class=authentication
action1=set_unreg_date=2030-01-01
status=enabled
# Rule without conditions on the machine source; it assigns the employees role rather
# than the machineauth role used by the dc01/dc02 machine rules.
[apra-machine-auth rule Employees]
action0=set_role=employees
match=all
class=authentication
action1=set_unreg_date=2030-01-01
status=enabled
# Administration rule without conditions: every identity that authenticates against the
# file1 source receives access level ALL.
# NOTE(review): the [file1] source section is not in this paste; whatever backs it is
# effectively the list of full administrators, so confirm it is tightly controlled.
[file1 rule admins]
description=All admins
class=administration
match=all
action0=set_access_level=ALL
status=enabled
Il 30/04/2021 12:53, Quiniou-Briand, Nicolas ha scritto:
Hello Cristian,
Could you send me the content of:
- domain.conf (please remove any personal information)?
- authentication.conf (only the source used for the NTLM cache)
I opened several issues this morning related to the NTLM cache in
PacketFence, but I don’t think you are affected.
Thanks
*Nicolas Quiniou-Briand*
*Product Support Engineer***
*Office:* +33156696210
Akamai Technologies
145 Broadway
Cambridge, MA 02142
--
*Cristian Mammoli*
Network and Computer Systems Administrator
T.+39 0731719822
www.apra.it <https://www.apra.it>
Apra Spa
<https://www.apra.it/>