I have one group of AD users that need full admin access (source is h1adnetwork), one group that needs Node Manager and Violation Manager (source is h1ad), and the rest of AD users should get no access. I am running pf 8, same issue in pf 7.4. Issue is that this works only for the first group, when evaluating a user in 2nd group, I get access denied. I want it to continue evaluating until it matches rules for authentication/administration - here is the relevant section from pftest (somehow, I need to test for group membership in the “Authentication” step below so that it fails?): Authenticating against 'h1adnetwork' in context 'admin' Authentication SUCCEEDED against h1adnetwork (Authentication successful.) Did not match against h1adnetwork for 'authentication' rules Did not match against h1adnetwork for 'administration' rules Authenticating against 'h1adnetwork' in context 'portal' Authentication SUCCEEDED against h1adnetwork (Authentication successful.) Did not match against h1adnetwork for 'authentication' rules Did not match against h1adnetwork for 'administration' rules Authenticating against 'h1ad' in context 'admin' Authentication SUCCEEDED against h1ad (Authentication successful.) Matched against h1ad for 'authentication' rules set_role : eusadmin set_unreg_date : 2020-12-31 Matched against h1ad for 'administration' rules set_access_level : Violation Manager,Node Manager Ivan Auger
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
