Weird, I am not able to reproduce it, which browser are you using?

Fabrice


On 2018-01-23 at 03:10, E.P. wrote:

I figured it out, Fabrice. Thanks for the ldapsearch tool guidance but it was my haste as usual ;)

I set “Matches” parameter to “All” and it turned out that the reply for the query against AD returned a membership in more than one group.

And of course this condition didn’t evaluate as true. I changed it to “Any” and it is all good.

I guess Administration rule is not very important here but I found that the value for the “Access level” doesn’t show and I tried it in two different browsers:

Eugene

*From:*Durand fabrice [mailto:fdur...@inverse.ca]
*Sent:* Monday, January 22, 2018 6:59 PM
*To:* E.P.; packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] Number of devices to connect to the network

Hello Eugene,

Use adsiedit.msc on the AD in order to have an LDAP view of your AD and check the exact attribute/values.

On my side I use ldapsearch to fix that sort of issue (http://www.vinidox.com/ldap/querying-an-ldap-server-from-the-command-line-with-ldap-utils-ldapsearch-ldapadd-ldapmodify/)

Regards

Fabrice

On 2018-01-22 at 16:54, E.P. wrote:

    I’m observing a weird behavior while doing it, Fabrice.

    I did create a rule that should match for just one condition, i.e.
    memberOf

    The user I’m authenticating does belong to Users CN in AD and I
    can authenticate normally, here’s the output of pftest
    authentication it.tech XXXXXXX command

    But for some reason rules are not matched. I even tried to set the
    condition to distinguishedName with value taken from AD

    To be like this

    What bothers me is that I don’t see any LDAP related details
    coming from AD server while debugging radius and authenticating as
    it.tech user.

    Could it be the source of the problem ?

    Eugene

    *From:*Durand fabrice [mailto:fdur...@inverse.ca]
    *Sent:* Friday, January 19, 2018 6:05 PM
    *To:* E.P.; packetfence-users@lists.sourceforge.net
    <mailto:packetfence-users@lists.sourceforge.net>
    *Subject:* Re: [PacketFence-users] Number of devices to connect to
    the network

    In your AD authentication source, create a rule that matches a staff
    group and assign the staff role and an access duration. (memberof
    equal cn=staff,dc=...)

    Regards

    Fabrice

    On 2018-01-17 at 01:07, E.P. wrote:

        Great!

        That confirms my train of thought. But it is still not clear
        to me how will it affect the user that authenticates against AD.

        Yes, I have created a new role, called “staff” and yes, I have
        set a limit of 2 devices for this role.

        Then, the end-user just connects to SSID, authenticates and
        gets on the network. How would I assign the user to the
        “staff” role?

        Is this where provisioners come to help ?

        Eugene

        *From:*Fabrice Durand via PacketFence-users
        [mailto:packetfence-users@lists.sourceforge.net]
        *Sent:* Tuesday, January 16, 2018 6:42 AM
        *To:* packetfence-users@lists.sourceforge.net
        <mailto:packetfence-users@lists.sourceforge.net>
        *Cc:* Fabrice Durand
        *Subject:* Re: [PacketFence-users] Number of devices to
        connect to the network

        Hello Eugene,

        This is exactly where you have to control that.

        So just set a limit on the roles where you want to limit the
        number of devices per user.

        Regards

        Fabrice

        On 2018-01-16 at 02:01, E.P. via PacketFence-users wrote:

            It sounds close to the number of devices/nodes a user can
            register which is configurable under
            Configuration-Policies and access control-Roles, but we
            don’t allow this luxury to anyone yet. Just regular
            network admission control based on the active AD account

            *From:*E.P. [mailto:ype...@gmail.com]
            *Sent:* Monday, January 15, 2018 10:54 PM
            *To:* packetfence-users@lists.sourceforge.net
            <mailto:packetfence-users@lists.sourceforge.net>
            *Subject:* Number of devices to connect to the network

            Guys,

            We are still at the early phases of PF deployment and only
            now looking into AD based authentication for wireless devices

            Is there any way to limit the number of user devices that
            can be connected by one user?

            Let’s say the user uses his/her laptop and roams around
            remote sites where we provide WiFi with WPA2-Enterprise
            and we also allow him/her use the phone (iPhone/Android).
            No more devices to connect

            Eugene

            ------------------------------------------------------------------------------
            Check out the vibrant tech community on one of the world's most
            engaging tech sites, Slashdot.org! http://sdm.link/slashdot
            _______________________________________________
            PacketFence-users mailing list
            PacketFence-users@lists.sourceforge.net
            https://lists.sourceforge.net/lists/listinfo/packetfence-users

        --
        Fabrice Durand
        fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
        Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
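
Added example, not part of the original thread or of PacketFence: a small Python helper for the "check the exact attribute/values" step, which reads saved ldapsearch LDIF output, lists every `memberOf` value (a user in several groups has several), and reports whether the DN typed into a rule is present exactly, only up to case or spacing, or not at all. The sample LDIF, the domain, the group DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample (not from the thread): user, domain and group DNs are invented.
# It includes a folded line and a base64 "memberOf::" value (non-ASCII DN).
_B64_DN = base64.b64encode(
    "CN=Ingénieurs,OU=Groups,DC=example,DC=local".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = (
    "dn: CN=it.tech,CN=Users,DC=example,DC=local\n"
    "sAMAccountName: it.tech\n"
    "memberOf: CN=staff,OU=Groups,DC=example,DC=local\n"
    "memberOf: CN=Wireless Users With A Long Name,OU=Groups,DC=example,DC=lo\n"
    " cal\n"
    f"memberOf:: {_B64_DN}\n"
)

def unfold(ldif):
    """Join LDIF continuation lines, which begin with a single space."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attribute_values(ldif, attr):
    """Return every value of attr, decoding 'attr:: <base64>' forms."""
    values = []
    for line in unfold(ldif):
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):  # second colon marks a base64-encoded value
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def compare_rule_value(values, rule_value):
    """Classify how the DN typed into a rule relates to the directory values."""
    if rule_value in values:
        return "exact"
    # Simplified normalisation: lower-case, trim around commas (ignores escaped commas).
    norm = lambda dn: ",".join(part.strip().lower() for part in dn.split(","))
    if norm(rule_value) in {norm(v) for v in values}:
        return "differs-in-case-or-spacing"
    return "absent"

if __name__ == "__main__":
    groups = attribute_values(SAMPLE_LDIF, "memberOf")
    print("\n".join(groups))
    print(compare_rule_value(groups, "cn=staff, ou=Groups,dc=example,dc=local"))
```
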

