Hello Alexander, If I understand correctly, you are doing 802.1x registration based on AD group membership right ?
You can use the command: /usr/local/pf/bin/pftest authentication ad-username "" You can test the return and the rule matching. Checkout the logs/packetfence.log, you will see what’s happening. Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Nov 7, 2022, at 5:01 AM, Alexander via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello my friends, i need help... > I am using ldap and I want to distribute roles depending on the ldap group > (memberof). I'm in authetication source ldap create "Authentication Rules" > created 2 rules: > 1) assign Role "Admins" if memberof cn=admins,..... > 2) Assign Role "User" if memberof cn=users,..... > > Also, my hosts are automatically registered. > The problem is that, for example, if I log in with an 802.1x admin account > (the device enters the admin vlan). But if I log out and log in under a > regular account (users), then again I get into the admin VLAN. Apparently > because the device is registered as Admins. In the logs I saw this: > > Role has already been computed and we don't want to recompute it. Getting > role from node_info > > Tell me how to overcome this and check memberoff every time or re-register > the device every time > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!V6yhUGqL8BAmhi4aRZU5N4k72wmUcvRT26j07IF4-Ony1gHgAOh-4cWKpv00yW_kP3LshnCibophNP_UN-T5FNvz_OGkbsT8aDwDRg$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
