Hello guys, the issue looks to be the REST-Http-Status-Code and it should be 401.
I have checked the code and it looks to be ok. Here ( https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L1045) we return $RADIUS::RLM_MODULE_FAIL who should return a 401 ( https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius/rest.pm#L53 ) I have to try to replicate it and i will be back to you. Regards Fabrice Le ven. 28 avr. 2023 à 13:43, IT Mercenary via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Happy Friday! > > Using /usr/local/pf/bin/pftest authentication USERNAME "", I can see that > the user is matching the deny rule as desired. > > [image: image.png] > > Here is a screenshot of the authentication.conf file. I think this > contains the relevant parts but let me know if I should send you the whole > file. > > [image: image.png] > > Thanks! > > On Fri, Apr 28, 2023 at 5:29 AM Zammit, Ludovic <luza...@akamai.com> > wrote: > >> Hello, >> >> You could use the command: >> >> /usr/local/pf/bin/pftest authentication USERNAME "" >> >> You will see if you match properly your rule, it should bring >> Administration right. >> >> Could you show me your conf/authentication.conf? >> >> Thanks, >> >> *Ludovic Zammit* >> *Product Support Engineer Principal Lead* >> *Cell:* +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> >> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> >> <http://www.linkedin.com/company/akamai-technologies> >> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> >> >> On Apr 27, 2023, at 7:41 PM, IT Mercenary <theitmercena...@gmail.com> >> wrote: >> >> Hi All, >> >> I'm hoping for some guidance on how to change the Radius Reply for CLI >> authentication when users are not a member of the specified group. The >> group is being matched as the RADIUS reply indicates the right >> administration rule is being matched (catch all). >> >> The behavior I was getting: >> >> <image.png> >> >> <image.png> >> >> Compared to what I'm getting now: >> <image.png> >> >> <image.png> >> Thanks! >> >> On Mon, Apr 24, 2023 at 6:45 AM IT Mercenary <theitmercena...@gmail.com> >> wrote: >> >>> Hi Ludovic, >>> >>> I've changed the group to use DN and equal, but I'm getting the same >>> results. Is there a way to customize the behavior when an administrative >>> user is authenticated but not authorized? >>> >>> Thanks! >>> >>> On Mon, Apr 24, 2023 at 5:32 AM Zammit, Ludovic <luza...@akamai.com> >>> wrote: >>> >>>> Hello there, >>>> >>>> It loos like the match regex operator does not work properly, in order >>>> to have a good match use the DistinguishName of the group object in the Ad >>>> in combinaison of the operator equals >>>> >>>> Memberof equals CN=MyGroup,OU=domain,OU=com >>>> >>>> Thanks, >>>> >>>> >>>> >>>> *Ludovic Zammit* >>>> *Product Support Engineer Principal Lead* >>>> *Cell:* +1.613.670.8432 >>>> Akamai Technologies - Inverse >>>> 145 Broadway >>>> Cambridge, MA 02142 >>>> Connect with Us: <https://community.akamai.com/> >>>> <http://blogs.akamai.com/> >>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4Cqyf7_AxUp$> >>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyYr4gXNR$> >>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyUpLS561$> >>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SF63EyrrM4FXLQkheVYp5dyTys9nEA_V0jNmoz16tIaS1t0BE9_KNqNryW2DCqpFdzzV9tBE1M5sU4CqyVsZQVXE$> >>>> >>>> On Apr 21, 2023, at 1:45 PM, IT Mercenary via PacketFence-users < >>>> packetfence-users@lists.sourceforge.net> wrote: >>>> >>>> Hello, >>>> >>>> I have an administration rule for switch CLI access that is producing >>>> different results for users that are not a member of an AD group. Both >>>> switches are in a switch group with type based on the standard Cisco >>>> template. The desired result is being produced on appliance version 12.1.0 >>>> and the undesired result on v12.2.0. >>>> >>>> *Administration Rules* >>>> <image.png> >>>> >>>> *v12.1.0 Results* >>>> <image.png> >>>> RADIUS Tab: >>>> <image.png> >>>> >>>> *v12.2.0 Results* >>>> <image.png> >>>> >>>> RADIUS Tab: >>>> <image.png> >>>> >>>> >>>> Thanks! >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> >>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RJRooQcys6zdEdxUze4ob_Fdoh8f6vc2-IXTbp2iUXgzmcvH-3YEOBQRdtmbI7Lzb_CFnZNayskBCKtC7pOqRsEGTSZZOy4s7Q6HOQ$ >>>> >>>> >>>> >> _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
