I don't think you can query Azure AD with the machine name, like
https://graph.microsoft.com/v1.0/users/machine_xyz/memberOf (because it
ties to the users not the devices, maybe I am wrong).

But what you can do is the following:
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_azure_ad_eap_tls_machine_authentication
Btw you will have to change the certificate to have the AAD_Device_ID as
the CN.

And last resort if it's not possible to recreate a cert then you can use an
EAPTLS source and check to see if the device certificate has been signed by
the correct CA.

On Thu, May 16, 2024 at 20:41, Adrian Damaschek via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Does this also apply to using it with AzureAD, since I run a domainless
> setup, and it would be enough if it just went standalone where it validates
> via the certificate.
> And it's not the domain name it gives there, it's just the word "host/"
>
> Currently I can't manually even approve the device to connect as it's
> returning an empty error with 401 on the radius reply.
>
> Regards
>
> From: Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
> Sent: Wednesday, 15 May 2024 19:48
> To: packetfence-users@lists.sourceforge.net
> Cc: Fabrice Durand <oeufd...@gmail.com>
> Subject: Re: [PacketFence-users] Radius Issues with EAP TLS WiFi
>
> Normally you shouldn't have to strip the host\ since you are able to
> search this attribute in the AD via the servicePrincipalName attribute.
>
> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role
>
> On Wed, May 15, 2024 at 13:24, Adrian Damaschek via PacketFence-users
> <mailto:packetfence-users@lists.sourceforge.net> wrote:
> I'm trying to set up the NAC to provide certs over SCEP and then use that
> to allow Device Access to my WiFi network.
>
> It has to be Device level auth as they are used by multiple users and it’s
> the machine that should determine the access to the network.
>
> So there are two problems I am struggling with. One is that Windows insists
> on adding host/ in front of the computer and I can't seem to be able to
> strip it with a filter but maybe I did the wrong thing with it.
> My attempt was
>
> ${replace($radius_request.User-Name,"host\/","")}
>
> Scope was set to preprocess, for testing I set the value to be always
> TRUE, and I did try with and without merging the answer.
>
> Also when I try to log on PacketFence does process it and rejects it,
> giving
>
> Module-Failure-Message = "rest: Server returned:",
>
> Also noticed in the reply that I get
>
> REST-HTTP-Status-Code = "401",
>
> Not sure if this is related to the host/ that Windows puts in username of
> the initial request.
>
> Any tip on how to deal with this would be appreciated.
>
> Regards
> Adrian
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
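
The last-resort check described in the reply above (was the device certificate signed by the correct CA, and which CN does it carry), as an added example that is not part of the original thread and is not PacketFence code. It uses the openssl CLI against a constructed throwaway PKI; the CA names, file names and device ID are assumptions.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: two CAs and one device certificate.
# All names and the device ID are made up for this example.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DEVICE_ID="11111111-2222-3333-4444-555555555555"   # placeholder device ID

make_ca() {  # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_device_cert() {  # $1 = signing CA prefix, $2 = CN for the device cert
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/dev.key" -out "$WORK/dev.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/dev.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/dev.pem" 2>/dev/null
}

# Returns 0 only if the certificate chains to the given CA certificate.
signed_by() {  # $1 = certificate, $2 = CA certificate
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Prints the subject CN, i.e. the value that would be looked up as the device.
cert_cn() {  # $1 = certificate
  openssl x509 -in "$1" -noout -subject -nameopt multiline \
    | sed -n 's/^ *commonName *= *//p'
}

make_ca corp "Lab Device CA"        # the CA that is supposed to issue device certs
make_ca other "Unrelated CA"        # any other CA must not be accepted
issue_device_cert corp "$DEVICE_ID"

if signed_by "$WORK/dev.pem" "$WORK/corp.pem"; then
  echo "accept: issued by the expected CA, CN=$(cert_cn "$WORK/dev.pem")"
fi
if ! signed_by "$WORK/dev.pem" "$WORK/other.pem"; then
  echo "reject: certificate does not chain to the other CA"
fi
```
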
