Try memberOf equals. Also, my rules are set to MATCHES: ALL; not sure if that would matter.

On Tue, Nov 2, 2021 at 1:01 PM E.P. <ype...@gmail.com> wrote:

> Thank you, Aaron and Ludovic,
>
> This is weird. Here’s how the authentication rule looks in my AD source
>
> Now, I’m testing the user that is NOT a member of Staff-WiFi AD group
>
> root@packetfence:~# /usr/local/pf/bin/pftest authentication fake.user XXXXXX OPTIONS-AD-SOURCE
> Testing authentication for "fake.user"
>
> Authenticating against 'OPTIONS-AD-SOURCE' in context 'admin'
> Authentication SUCCEEDED against OPTIONS-AD-SOURCE (Authentication successful.)
> Matched against OPTIONS-AD-SOURCE for 'authentication' rule Staff-WiFi
> set_role : Staff-WiFi
> set_unreg_date : 2022-12-31
> Did not match against OPTIONS-AD-SOURCE for 'administration' rules
>
> Eugene
>
> *From:* Aaron Zuercher <aaron.techge...@gmail.com>
> *Sent:* Tuesday, November 02, 2021 10:52 AM
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* E.P. <ype...@gmail.com>
> *Subject:* Re: [PacketFence-users] AD user group in the authentication source
>
> Mine is set up for memberOf equals "full DN of Group"
>
> Aaron
>
> On Tue, Nov 2, 2021 at 3:26 AM E.P. via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
> I dare ask a stupid question.
>
> What is the correct way to create a condition in the authentication source based on AD to verify the user specific group membership?
>
> I created a condition based on “memberOf” attribute which is equal to the DN of the group. It seems it doesn’t apply, or rather is not verified.
>
> Any user from the AD domain who authenticates can connect via RADIUS.
>
> Eugene
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users