Dear all, I have had PacketFence set up successfully for a year or so now with AD user authentication and Entra machine authentication, but I can't seem to get AD machine authentication to work correctly.
I have a connection profile set up to filter based on Wireless-EAP and SSID.

[ULCC-Curriculum]
autoregister=enabled
filter=connection_type:Wireless-802.11-EAP,ssid:ULCC-Curriculum
advanced_filter=
filter_match_style=all
locale=
sources=EntraID-MachineAuthentication,AD_MachineAuthentication
unreg_on_acct_stop=enabled

I have an authentication profile set up for AD and to filter based on security group.

[AD_MachineAuthentication]
set_access_durations_action=
scope=sub
verify=none
encryption=none
password=<redacted>
searchattributes=
basedn=OU=Computers,OU=PFA,DC=pfa,DC=education
realms=pfa.education
shuffle=0
dead_duration=60
description=Authenticates against AD Computers.
cache_match=0
type=AD
host=<redacted>
email_attribute=mail
monitor=1
use_connector=1
binddn=<redacted>
connection_timeout=1
write_timeout=5
port=389
usernameattribute=servicePrincipalName
read_timeout=10
dynamic_routing_module=AuthModule

[AD_MachineAuthentication rule Curriculum]
status=enabled
condition0=ldap:memberOf,is member of,CN=Domain Computers,CN=Users,DC=pfa,DC=education
class=authentication
action0=set_access_duration=5D
action1=set_role=ad_machine
match=all

[AD_MachineAuthentication rule Catch-All]
action0=set_role=REJECT
action1=set_access_duration=1h
match=all
status=enabled
class=authentication

I have created a realm for pfa.education. I have tried stripping and not stripping the pfa.education but it makes no difference.

[pfa.education]
eduroam_radius_acct_proxy_type=load-balance
eduroam_radius_auth=
radius_acct_proxy_type=load-balance
eduroam_radius_acct=
domain=pfa
radius_auth_proxy_type=keyed-balance
eduroam_radius_auth_proxy_type=keyed-balance
admin_strip_username=enabled
eduroam_radius_auth_compute_in_pf=enabled
eap=default
permit_custom_attributes=disabled
radius_acct=
radius_auth=
portal_strip_username=enabled
radius_strip_username=enabled
radius_auth_compute_in_pf=enabled

From what I can see from the audit page, the computer is hitting PacketFence, it knows it should use the ULCC-Curriculum connection profile and detects the correct realm but doesn't use the authentication profile and so gets rejected as it couldn't compute any roles.

Can anyone please help me with what I am missing to get this working?

Regards
Corey Keeling | Senior IT Technician