Thank you, Aaron and Ludovic,

This is weird. Here’s how the authentication rule looks in my AD source
Now, I’m testing the user that is NOT a member of the Staff-WiFi AD group

root@packetfence:~# /usr/local/pf/bin/pftest authentication fake.user XXXXXX OPTIONS-AD-SOURCE
Testing authentication for "fake.user"

Authenticating against 'OPTIONS-AD-SOURCE' in context 'admin'
  Authentication SUCCEEDED against OPTIONS-AD-SOURCE (Authentication successful.)
  Matched against OPTIONS-AD-SOURCE for 'authentication' rule Staff-WiFi
    set_role : Staff-WiFi
    set_unreg_date : 2022-12-31
  Did not match against OPTIONS-AD-SOURCE for 'administration' rules

Eugene

From: Aaron Zuercher <aaron.techge...@gmail.com>
Sent: Tuesday, November 02, 2021 10:52 AM
To: packetfence-users@lists.sourceforge.net
Cc: E.P. <ype...@gmail.com>
Subject: Re: [PacketFence-users] AD user group in the authentication source

Mine is set up for memberOf equals "full DN of Group"

Aaron

On Tue, Nov 2, 2021 at 3:26 AM E.P. via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

I dare ask a stupid question.
What is the correct way to create a condition in the authentication source based on AD to verify the user's specific group membership?
I created a condition based on the “memberOf” attribute which is equal to the DN of the group.
It seems it doesn’t apply, or rather is not verified. Any user from the AD domain who authenticates can connect via RADIUS.

Eugene

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users