Thanks Martijn for responding. Now that I know that I can only use groups created on Azure I can work from there. It was just a bit confusing.

Currently struggling to set up SCEP with Azure and PF. Will try some more but probably will need to ask for help in the future.

Have a nice day! I work for a school in Belgium (near Antwerp). Have visited Middelburg many times in the past!

Best regards
Geert

On Tue 7 May 2024 at 08:11, Martijn Langendoen <mlangend...@dezb.nl> wrote:

> Hi Geert,
>
> I have the same setup. On my Authentication Sources I have both configured
> with rules. On prem AD I used with type LDAP with memberOf equals
> CN=<group>,ou=… LDAP notation.
>
> On the source AzureAD I can use only the <group> name.
>
> Martijn Langendoen
> network administrator
> mlangend...@dezb.nl
> 0118 654307
> www.dezb.nl
>
> Kousteensedijk 7
> 4331 JE Middelburg
> Postbus 8004
> 4330 EA Middelburg
>
> From: Geert Heremans via PacketFence-users <packetfence-users@lists.sourceforge.net>
> Sent: 30 April 2024 09:41
> To: packetfence-users@lists.sourceforge.net
> CC: Geert Heremans <heremans.ge...@gmail.com>
> Subject: Re: [PacketFence-users] (no subject)
>
> Got a little further today.
>
> We are using a Hybrid system. So we still have a local AD which syncs with
> Entra ID. I've noticed that I can't use security groups that were created
> on the Domain Controller and synced to our Intune tenant.
> If I use groups that were created on Entra in Azure it works.
>
> Is this the expected behavior?
>
> Best regards
> Geert
>
> On Mon 29 Apr 2024 at 16:32, Geert Heremans via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
> Hello
>
> I've set up an Authentication Source connected to our Intune tenant. It's
> possible to check the credentials of users against this tenant.
>
> When I try to set up an authentication rule using the "memberof" property
> (trying to check if user is member of a specific group) it fails. The
> username and password are validated but PacketFence doesn't see if the
> user is part of the group.
>
> I've tried using both the Groups member-id value and the normal name of the
> group. I've also tried both "contains" and "equals" as parameter.
>
> Where can I start to diagnose the problem? Anyone else had this problem?
>
> I've noticed the following in the API Audit screen:
>
> "user_groups_url": "https://graph.microsoft.com/v1.0/users/%!U(MISSING)SERNAME/memberOf"
>
> Is there something wrong with the URL?
>
> The users group URL in the authentication source is:
> https://graph.microsoft.com/v1.0/users/%USERNAME/memberOf
>
> Best regards
> Geert
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users