Hello EP, You are correct.
memberof equals distinguishedName Then test it out with the command: /usr/local/pftest authentication USERNAME "" Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Nov 2, 2021, at 1:40 AM, E.P. via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > I dare asking a stupid question. > What is the correct way to create a condition in the authentication source > based on AD to verify the user specific group membership. > I created a condition based on “memberOf” attribute which is equal to the DN > of the group. It seems doesn’t apply or rather not verified. > Any user from the AD domain who authenticates can connect via RADIUS. > > Eugene > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!DAgw4QqWZI5NrcPBSRsPu8nUUBMMcoUvesQY2YCsfVAFrf0rqfd5wWzKecm_P3cD$ > > <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!DAgw4QqWZI5NrcPBSRsPu8nUUBMMcoUvesQY2YCsfVAFrf0rqfd5wWzKecm_P3cD$>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users