Hi,

I managed to make a successful authentication to a win AD. 802.1x on the client side is set to authenticate with username. That works fine; a source is set up to a win AD, checking if the user's sAMaccountName exists in the subtree. I checked the LDAP queries on the DC's side.

The problem is that I also set up Rules in the Source. The rule's class is authentication. It has only one condition:

Condition: sAMaccountname is member of GroupName
Action: Set_role CompanyRoleForEmployee

I see that there is no LDAP query for testing if the user is in the GroupName group. Is that a problem? I set up autoregister in order to not use the captive portal.

Now I have two problems. The group membership is not tested and the client is not set to any VLAN. Of course I have already set a VLAN for Employees, and if I assign the client by hand, it is set to the Employee VLAN and gets an IP.

In my pflog I see this:

Mar 07 11:53:36 httpd.aaa(21823) INFO: [mac:ec:f4:bb:10:ad:b7] Realm source is configured in the realm MYDOMAINISHERE but is not in the portal profile. Ignoring it and using the portal profile sources. (pf::config::util::get_user_sources)
Mar 07 11:53:36 httpd.aaa(21823) WARN: [mac:ec:f4:bb:10:ad:b7] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Mar 07 11:53:36 httpd.aaa(21823) INFO: [mac:ec:f4:bb:10:ad:b7] autoregister a node that is already registered, do nothing. (pf::node::node_register)
Mar 07 11:53:37 httpd.aaa(21823) INFO: [mac:ec:f4:bb:10:ad:b7] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Mar 07 11:53:37 httpd.aaa(21823) INFO: [mac:ec:f4:bb:10:ad:b7] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Mar 07 11:53:37 httpd.aaa(21823) INFO: [mac:ec:f4:bb:10:ad:b7] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole)
Mar 07 11:53:37 httpd.aaa(21823) INFO: [mac:ec:f4:bb:10:ad:b7] PID: " MYDOMAINISHERE \\gbarocsi", Status: reg Returned VLAN: (undefined), Role: (pf::role::fetchRoleForNode)
Mar 07 11:53:37 httpd.aaa(21823) WARN: [mac:ec:f4:bb:10:ad:b7] No parameter Vlan found in conf/switches.conf for the switch 10.1.12.49 (pf::Switch::getVlanByName)
Mar 07 11:53:37 httpd.aaa(21823) INFO: [mac:ec:f4:bb:10:ad:b7] (10.1.12.49) Returning ACCEPT with VLAN 0 (pf::Switch::returnRadiusAccessAccept)

What am I missing? Please help.

Gábor Barócsi
Network and System Engineer
