Hello, dear support team!

I have an issue: I am trying to authenticate as domain\username but it
doesn't work at all. I tried the following LDAP filters:

- (&(objectClass=user)(sAMAccountName=%{User-Name:regex:^(.*)\\\\(.*)$:$2})(userPrincipalName=%{Stripped-User-Name}@%{Realm}))
- (&(&(objectClass=user)(sAMAccountName=%{Stripped-User-Name}))(userPrincipalName=%{User-Name}@yourdomain.com))
- (&(&(objectClass=user)(sAMAccountName=%{User-Name:regex:^(.*)\\\\(.*)$:$1}))(userPrincipalName=%{User-Name:regex:^(.*)\\\\(.*)$:$2}@yourdomain.com))
- (&(objectClass=user)(|(sAMAccountName=%{Stripped-User-Name})(userPrincipalName=%{User-Name})))

Note that authentication with usern...@domain.com works!

What I was trying to do is to match between userPrincipalName and
sAMAccountName, as I am always authenticating from Windows OS. Also, I have 5
rules as follows:

Rule 1: If the user is a member of the "admin" group, assign the "Admins"
role.
Conditions: User group membership is "admins"
Actions: Assign role "Admin"

Rule 2: If the user is a member of the "guests" group, assign the "Guest"
role.
Conditions: User group membership is "guests"
Actions: Assign role "Guest"

Rule 3: If the user does not have a role assigned or is not in any group,
reject the authentication request.
Conditions: User role is not defined
Actions: Reject authentication

The config used on the Active Directory authentication source is:

Name nac
Description nac authentication
Host 10.10.10.6 389 None
SSL Verify Mode none
Dead duration 60
Connection timeout 1
Request timeout 5
Response timeout 10
Base DN DC=aslnet,DC=net
Scope Subtree
Username Attribute UserPrincipalName
Search Attributes sAMAccountName
Append search attributes LDAP filter
Email Attribute mail
Bind DN aslnet\karimkandil
Password ••••••••
Cache match not select
Monitor yes
Shuffle not select
Use Connector yes

Authentication Rules

1 admins (for admins)
Name admins
Description for admins
Matches All
Conditions
1 memberOf is member of CN=Domain Admins,CN=Users,DC=aslnet,DC=net
Actions
1 Role admins
2 Access duration 5 days

2 guests (for guests)

3 non (reject)
Name non
Description reject
Matches Any
Conditions
Actions
1 Role On Not Found REJECT
2 Role REJECT
3 Access duration 1 hour
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
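
Added example (not part of the original post and not PacketFence code): the three login forms a Windows client can send (DOMAIN\user, user@realm, bare user) each supply one directory attribute, so this Python code builds a search filter on that attribute only and escapes the user-supplied value per RFC 4515. The function names and the sample account jdoe are assumptions made for this illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value):
    """Escape a string for safe use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_login(login):
    """Classify a login as down-level (DOMAIN\\user), UPN (user@realm) or bare."""
    m = re.fullmatch(r"([^\\@]+)\\([^\\@]+)", login)
    if m:
        # The part after the backslash is the sAMAccountName.
        return "downlevel", m.group(2)
    if re.fullmatch(r"[^\\@]+@[^\\@]+", login):
        # A UPN is compared whole against userPrincipalName.
        return "upn", login
    if re.fullmatch(r"[^\\@]+", login):
        return "bare", login
    raise ValueError(f"unrecognised login format: {login!r}")


def build_filter(login):
    """Build a user search filter that tests only the attribute the login supplies."""
    kind, value = split_login(login)
    attr = "userPrincipalName" if kind == "upn" else "sAMAccountName"
    return f"(&(objectClass=user)({attr}={ldap_escape(value)}))"


if __name__ == "__main__":
    # Constructed sample logins; "jdoe" is not an account from the post.
    for sample in ("ASLNET\\jdoe", "jdoe@aslnet.net", "jdoe", "ASLNET\\j*doe)(x"):
        print(f"{sample!r:24} -> {build_filter(sample)}")
```
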