Hi Geert,
I have the same setup. On my Authentication Sources I have both configured with 
rules. For the on-prem AD I used type LDAP with memberOf equals CN=<group>,ou=… 
in LDAP notation.

On the source AzureAD I can use only the <group> name.

Martijn Langendoen
network administrator
mlangend...@dezb.nl
0118 654307
www.dezb.nl

Kousteensedijk 7
4331 JE Middelburg
PO Box 8004
4330 EA Middelburg



From: Geert Heremans via PacketFence-users 
<packetfence-users@lists.sourceforge.net>
Sent: 30 April 2024 09:41
To: packetfence-users@lists.sourceforge.net
CC: Geert Heremans <heremans.ge...@gmail.com>
Subject: Re: [PacketFence-users] (no subject)


Got a little further today.

We are using a hybrid system, so we still have a local AD which syncs with 
Entra ID. I've noticed that I can't use security groups that were created on 
the Domain Controller and synced to our Intune tenant.
If I use groups that were created on Entra in Azure, it works.

Is this the expected behavior?

Best regards
Geert

On Mon 29 Apr 2024 at 16:32, Geert Heremans via PacketFence-users 
<packetfence-users@lists.sourceforge.net> wrote:
Hello

I've set up an Authentication Source connected to our Intune tenant. It's 
possible to check the credentials of users against this tenant.

When I try to set up an authentication rule using the "memberof" property 
(trying to check if the user is a member of a specific group), it fails. The 
username and password are validated, but PacketFence doesn't see whether the 
user is part of the group.

I've tried using both the group's member-id value and the normal name of the 
group. I've also tried both "contains" and "equals" as the parameter.

Where can I start to diagnose the problem? Anyone else had this problem?

I've noticed the following in the API Audit screen:

"user_groups_url": "https://graph.microsoft.com/v1.0/users/%!U(MISSING)SERNAME/memberOf"

Is there something wrong with the URL?

The users group URL in the authentication source is: 
https://graph.microsoft.com/v1.0/users/%USERNAME/memberOf


Best regards
Geert
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
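Added example, not code from the thread or from the PacketFence project: the `%!U(MISSING)` fragment Geert quoted from the API Audit screen is the marker Go's fmt package writes when a format verb (`%U`) has no operand, so a `%USERNAME` placeholder that is pushed through a printf-style call with no arguments comes out exactly as logged. The block below reproduces that string, gives a check that flags such a URL in a log line, and shows placeholder substitution done by plain string replacement with the user name path-escaped. Whether PacketFence's own code formats the URL this way is an assumption made here, not something the thread establishes; the function names and the sample UPN are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// The "user groups URL" value from the thread, with its %USERNAME placeholder.
const GroupsURLTemplate = "https://graph.microsoft.com/v1.0/users/%USERNAME/memberOf"

// FormatVerbMangle pushes the template through a printf-style formatter with no
// operands. Go's fmt reads "%U" as a verb (Unicode code point) and, finding no
// argument for it, writes "%!U(MISSING)" in its place; the rest of the word
// ("SERNAME") is copied through unchanged. That PacketFence builds its URL this
// way is an assumption of this example.
func FormatVerbMangle(template string) string {
	sprintf := fmt.Sprintf // called through a variable so vet does not reject the call
	return sprintf(template)
}

// LooksFormatMangled reports whether a logged URL carries fmt's "%!" error
// marker, which separates a formatter mishap from a URL the source really sent.
func LooksFormatMangled(u string) bool {
	return strings.Contains(u, "%!")
}

// ExpandUserGroupsURL substitutes the placeholder by string replacement, never
// by a format call, and path-escapes the UPN so a user name containing '#',
// '?' or a space cannot alter the request path.
func ExpandUserGroupsURL(template, upn string) (string, error) {
	if !strings.Contains(template, "%USERNAME") {
		return "", fmt.Errorf("template has no %%USERNAME placeholder: %q", template)
	}
	expanded := strings.Replace(template, "%USERNAME", url.PathEscape(upn), 1)
	if _, err := url.Parse(expanded); err != nil {
		return "", err
	}
	return expanded, nil
}

func main() {
	mangled := FormatVerbMangle(GroupsURLTemplate)
	fmt.Println("mangled :", mangled)
	fmt.Println("flagged :", LooksFormatMangled(mangled))
	// Constructed sample UPN, not taken from the thread.
	u, err := ExpandUserGroupsURL(GroupsURLTemplate, "j.doe@example.com")
	fmt.Println("expanded:", u, err)
}
```

Running the block prints the same `%!U(MISSING)SERNAME` URL Geert saw, which is why a `%!` substring in an audit entry is worth grepping for before suspecting the configured URL itself.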