Hi Stuart

Yes, I've accomplished something similar in a few situations. AD
credentials can be leveraged for this purpose. I'd set up an AD
authentication source and point it to a local domain controller.

Configuration -> Policies and Access Control -> Authentication Sources ->
Internal -> Active Directory

Fill out the typical bind information. I'd recommend creating a new user in
AD for this. Also, the ldp.exe tool can be helpful if the LDAP DN strings
are a pain to type.

You can test the LDAP Bind with a button on the page in ver 9.0.1. It may
be available in previous versions too.

Towards the bottom, you can configure authentication and administration
rules.

Authentication -> These rules are great for use with captive portals and
who can register a device.
Administration -> These control what level of admin privileges are assigned
to users when they authenticate. You probably want to assign a condition
here.

Make sure to use Actions to specify roles and durations.

Conditions gave me trouble at first. I tried using "memberOf" to match
groups with the "contains" option. Save yourself a troubleshooting headache
and use regex instead. Something like ^.Domain Admins.* should do the
trick. Then you can specify different permissions per AD group.

Last, add this auth policy to a connection profile. If you're using the
default, this is easy.

I hope this is helpful,

Nick Pier


On Thu, Jun 6, 2019 at 3:02 AM Stuart Gendron via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hey all,
>
> Wondering if it's possible to login with your AD credentials to the admin
> portal?
>
> Idea is we would have some users login and manage the roles they have
> assigned to their nodes. Since the update I've seen you can lock users down
> to certain roles, so this would be great as we would allow certain VPN
> networks that aren't corporate.
>
> Thanks!
>
> --
>
> *Stuart Gendron*
> IT Support Specialist
>
> *You.i Labs*
> 307 Legget Drive, Kanata, ON, K2K 3C8
> t (613) 228-9107 x258 | c (613) 697-6853
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
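
An added example, not part of the original email and not PacketFence code: a small Python check of which memberOf values a group-matching regex would catch, for testing a pattern before it goes into an administration rule. The sample DNs, the helper names, and the assumption that the condition is evaluated as an unanchored regex search against each memberOf DN are all assumptions of this example.

```python
import re

# Constructed sample memberOf values (group DNs); not taken from the thread.
SAMPLE_MEMBEROF = [
    "CN=Domain Admins,CN=Users,DC=example,DC=com",
    "CN=Former Domain Admins Archive,OU=Groups,DC=example,DC=com",
    "CN=NAC Operators,OU=Domain Admins Delegates,DC=example,DC=com",
    "CN=Helpdesk,OU=Groups,DC=example,DC=com",
]


def matched_groups(pattern, memberof_values=SAMPLE_MEMBEROF):
    """Return the DNs the pattern matches, using search (unanchored) semantics."""
    rx = re.compile(pattern)
    return [dn for dn in memberof_values if rx.search(dn)]


def cn_pattern(group_cn):
    """Build a pattern that matches only when the leading RDN is exactly CN=<group_cn>."""
    return r"^CN=" + re.escape(group_cn) + r","


def audit(pattern, intended_cn, memberof_values=SAMPLE_MEMBEROF):
    """Split the pattern's matches into the intended group and everything else."""
    prefix = "CN=" + intended_cn + ","
    hits = matched_groups(pattern, memberof_values)
    intended = [dn for dn in hits if dn.startswith(prefix)]
    unintended = [dn for dn in hits if not dn.startswith(prefix)]
    return intended, unintended


if __name__ == "__main__":
    # Compare a loose pattern with one anchored on the group's CN component.
    for pat in (r"Domain Admins", cn_pattern("Domain Admins")):
        ok, extra = audit(pat, "Domain Admins")
        print(f"{pat!r}: intended={len(ok)} unintended={len(extra)}")
        for dn in extra:
            print("   also matches:", dn)
```

Any DN listed under "also matches" is a group whose members would receive the same admin role as the intended group if the rule used that pattern.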