Hello guys,
the issue looks to be the REST-Http-Status-Code and it should be 401.
I have checked the code and it looks to be ok.
Here (
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L1045)
we return $RADIUS::RLM_MODULE_FAIL who should return a 401 (
Happy Friday!
Using /usr/local/pf/bin/pftest authentication USERNAME "", I can see that
the user is matching the deny rule as desired.
[image: image.png]
Here is a screenshot of the authentication.conf file. I think this contains
the relevant parts but let me know if I should send you the
Hello,
You could use the command:
/usr/local/pf/bin/pftest authentication USERNAME ""
You will see if you match properly your rule, it should bring Administration
right.
Could you show me your conf/authentication.conf?
Thanks,
Ludovic Zammit
Product Support Engineer Principal Lead
Hi All,
I'm hoping for some guidance on how to change the Radius Reply for CLI
authentication when users are not a member of the specified group. The
group is being matched as the RADIUS reply indicates the right
administration rule is being matched (catch all).
The behavior I was getting:
Hi Ludovic,
I've changed the group to use DN and equal, but I'm getting the same
results. Is there a way to customize the behavior when an administrative
user is authenticated but not authorized?
Thanks!
On Mon, Apr 24, 2023 at 5:32 AM Zammit, Ludovic wrote:
> Hello there,
>
> It loos like
Hello there,
It loos like the match regex operator does not work properly, in order to have
a good match use the DistinguishName of the group object in the Ad in
combinaison of the operator equals
Memberof equals CN=MyGroup,OU=domain,OU=com
Thanks,
Ludovic Zammit
Product Support Engineer
Hello,
I have an administration rule for switch CLI access that is producing
different results for users that are not a member of an AD group. Both
switches are in a switch group with type based on the standard Cisco
template. The desired result is being produced on appliance version 12.1.0
and