It's OK I managed to do it by adding role condition in connection profile. I should maybe try more before asking ... Sorry and thanks to all PF users and developers for their help !
On Mon, May 23, 2022 at 11:00 AM José Ramos <joseramosdeoli...@gmail.com> wrote: > Sorry I forgot to add PacketFence users as cc. > > Oh yes you are right thank you ! > I have a last question (sorry ;)) : > One of my goal is to authenticate users only if they are on an AD > computer. So far, Computer + user auth It is working well (computer is > authenticated when on logon screen and user is authenticated when enters > login) but how can I force user to be on an AD computer ? > Thank you ! > > On Mon, May 23, 2022 at 11:00 AM José Ramos <joseramosdeoli...@gmail.com> > wrote: > >> Oh yes you are right thank you ! >> I have a last question (sorry ;)) : >> One of my goal is to authenticate users only if they are on an AD >> computer. So far, Computer + user auth It is working well (computer is >> authenticated when on logon screen and user is authenticated when enters >> login) but how can I force user to be on an AD computer ? >> Thank you ! >> >> On Sun, May 22, 2022 at 9:42 PM Fabrice Durand <oeufd...@gmail.com> >> wrote: >> >>> create 2 connection profiles (802.1x and mac-auth) and 2 authentication >>> sources (one for secure and the other one for mac-auth). >>> Associate the first authentication source on the secure portal and the >>> 2nd one to the mac-auth portal. >>> >>> Now you just need to play with the authentication rules on each source >>> to return a different role. >>> >>> >>> >>> >>> Le dim. 22 mai 2022 à 15:22, José Ramos <joseramosdeoli...@gmail.com> a >>> écrit : >>> >>>> Hello Fabrice. >>>> >>>> Thanks a lot for your answer but as I said I managed to do it :) >>>> I have a second question since you are here : >>>> I would like to give VLAN x if AD user connects through 802.1x and VLAN >>>> y if AD user connects through portal. To me the best thing to do is to add >>>> a condition with Connection type in the AD-users authentication source. But >>>> the combobox is empty :'( which is a little bit problematic (I tried to add >>>> the connection type manually in authentication.conf but it did not work) >>>> >>>> This is not urgent. >>>> >>>> PS : I don't know if you using oeufd...@gmail.com is planned :D >>>> >>>> >>>> On Sun, May 22, 2022 at 8:43 PM Fabrice Durand <oeufd...@gmail.com> >>>> wrote: >>>> >>>>> Hello José, >>>>> >>>>> you have to combine 2 authentication sources, one for the user and the >>>>> other for the computer. >>>>> The difference between the 2 will be the username attribute , for user >>>>> it´s sAMAccountName and for computer it´s userPrincipalName (btw create >>>>> authentication rules for user and machines) >>>>> >>>>> So once you have the 2 authentication sources , assign them on the >>>>> same connection profile (per example the one you use to filter on the >>>>> secure ssid) . >>>>> >>>>> >>>>> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role >>>>> >>>>> Regards >>>>> Fabrice >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Le dim. 22 mai 2022 à 12:41, José Ramos via PacketFence-users < >>>>> packetfence-users@lists.sourceforge.net> a écrit : >>>>> >>>>>> I went the wrong way actually I didn't want to do that. >>>>>> What I would like to do is give the user a role if he is on a domain >>>>>> computer. >>>>>> I guess it is just a condition in my AD-users authentication >>>>>> source.but I can't do it. >>>>>> Does someone have a suggestion ? :) >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users