Sorry I forgot to add PacketFence users as cc. Oh yes you are right thank you ! I have a last question (sorry ;)) : One of my goal is to authenticate users only if they are on an AD computer. So far, Computer + user auth It is working well (computer is authenticated when on logon screen and user is authenticated when enters login) but how can I force user to be on an AD computer ? Thank you !
On Mon, May 23, 2022 at 11:00 AM José Ramos <joseramosdeoli...@gmail.com> wrote: > Oh yes you are right thank you ! > I have a last question (sorry ;)) : > One of my goal is to authenticate users only if they are on an AD > computer. So far, Computer + user auth It is working well (computer is > authenticated when on logon screen and user is authenticated when enters > login) but how can I force user to be on an AD computer ? > Thank you ! > > On Sun, May 22, 2022 at 9:42 PM Fabrice Durand <oeufd...@gmail.com> wrote: > >> create 2 connection profiles (802.1x and mac-auth) and 2 authentication >> sources (one for secure and the other one for mac-auth). >> Associate the first authentication source on the secure portal and the >> 2nd one to the mac-auth portal. >> >> Now you just need to play with the authentication rules on each source to >> return a different role. >> >> >> >> >> Le dim. 22 mai 2022 à 15:22, José Ramos <joseramosdeoli...@gmail.com> a >> écrit : >> >>> Hello Fabrice. >>> >>> Thanks a lot for your answer but as I said I managed to do it :) >>> I have a second question since you are here : >>> I would like to give VLAN x if AD user connects through 802.1x and VLAN >>> y if AD user connects through portal. To me the best thing to do is to add >>> a condition with Connection type in the AD-users authentication source. But >>> the combobox is empty :'( which is a little bit problematic (I tried to add >>> the connection type manually in authentication.conf but it did not work) >>> >>> This is not urgent. >>> >>> PS : I don't know if you using oeufd...@gmail.com is planned :D >>> >>> >>> On Sun, May 22, 2022 at 8:43 PM Fabrice Durand <oeufd...@gmail.com> >>> wrote: >>> >>>> Hello José, >>>> >>>> you have to combine 2 authentication sources, one for the user and the >>>> other for the computer. >>>> The difference between the 2 will be the username attribute , for user >>>> it´s sAMAccountName and for computer it´s userPrincipalName (btw create >>>> authentication rules for user and machines) >>>> >>>> So once you have the 2 authentication sources , assign them on the same >>>> connection profile (per example the one you use to filter on the secure >>>> ssid) . >>>> >>>> >>>> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role >>>> >>>> Regards >>>> Fabrice >>>> >>>> >>>> >>>> >>>> >>>> Le dim. 22 mai 2022 à 12:41, José Ramos via PacketFence-users < >>>> packetfence-users@lists.sourceforge.net> a écrit : >>>> >>>>> I went the wrong way actually I didn't want to do that. >>>>> What I would like to do is give the user a role if he is on a domain >>>>> computer. >>>>> I guess it is just a condition in my AD-users authentication >>>>> source.but I can't do it. >>>>> Does someone have a suggestion ? :) >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> PacketFence-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users