From: Krzysztof A. <kad...@yo...> - 2015-07-29 12:32:14
Here are the patches to fix this:

https://github.com/inverse-inc/packetfence/commit/c5b26e48d75cc56269e7b55a1238465398e21617.patch
https://github.com/inverse-inc/packetfence/commit/ff5d9fce54c7bd6677f0ea8d7df989379fb45650.patch
https://github.com/inverse-inc/packetfence/commit/befb1620d5f00c04009c8264e7de574c3eea198d.patch

or just use /usr/local/pf/addons/pf-maint.pl

On 29/07/15 05:19 AM, Polar Geek wrote:
>
> Fabrice,
>
> Thanks for the direction, got it all figured out including the
> sAMAccountname issue. The big thing is that match had to be set to
> any. Although on my install of 5.3.1 this can’t be set from the Web
> GUI. There appears to be broken html. What I see is
>
> If <select name="match" id="match" class="input-mini"> <option
> value="any" id="match.0" selected="selected">any</option> <option
> value="all" id="match.1">all</option></select> of the following
> conditions are met:
>
> I have included my working examples below in case anyone else runs up
> against this issue
>
> [LCHS-DC00 rule EmployeeDevReg]
> description=Registration Account For Employee Devices
> match=any
> action0=set_role=EmployeeRegistration
> action1=set_unreg_date=2020-07-01
> condition0=sAMAccountName,equals,StaffRegistration
>
> [LCHS-DC00 rule Employee]
> description=Employee Personal Device Registration
> match=any
> action0=set_role=Employee
> action1=set_access_duration=5D
> condition0=memberOf,is member of,CN=AllStaff,OU=Groups,DC=luthercollege,DC=edu
>
> Paul
>
> *From:*Durand fabrice [mailto:fd...@in...]
> *Sent:* July 28, 2015 5:42 AM
> *To:* pac...@li...
> *Subject:* Re: [PacketFence-users] Role Assignment rules issue
>
> Hello Paul,
>
> what you can do is to check a user with adsiedit.msc to see what are
> the attributes to match.
> I am not sure that uid is member of AllStaff works but something like
> memberof contain cn=AllStaff should be probably better.
> Also use pftest to test your rules.
>
> Regards
> Fabrice
>
> On 2015-07-28 06:16, Polar Geek wrote:
>
> > Hello all,
> >
> > Have mostly successfully made the transition to radius / Active
> > Directory authentication. But I’m running into an issue with
> > assigning the correct role to a system using the system based on
> > different user attributes. I have included below the appropriate
> > section from authentication.conf. The issue is that only the last
> > section is being triggered (GUEST). I was under the impression
> > that rules were processed in order and stopped once a condition
> > was met. Additionally, if I completely remove the guest rule then
> > all usernames report “You don not have permission to register a
> > device with username.” Any pointers on what I’m doing wrong?
> >
> > Thanks,
> >
> > Paul
> >
> > [LCHS-DC00]
> > description=Luther Active Directory
> > password=***********
> > scope=sub
> > bin...@lu... <mailto:bin...@lu...>
> > basedn=OU=LutherUsers,DC=luthercollege,DC=edu
> > usernameattribute=sAMAccountName
> > connection_timeout=5
> > stripped_user_name=yes
> > encryption=none
> > port=389
> > type=AD
> > host=172.20.0.254
> >
> > [LCHS-DC00 rule Paul.Taylor]
> > description=
> > match=
> > action0=set_role=NetAdmin
> > action1=set_unreg_date=2020-01-01
> > condition0=sAMAccountName,equals,paul.taylor
> >
> > [LCHS-DC00 rule EmployeeDevReg]
> > description=Registration Account For Employee Devices
> > match=
> > action0=set_role=EmployeeRegistration
> > action1=set_unreg_date=2020-07-01
> > condition0=sAMAccountName,equals,StaffRegistration
> >
> > [LCHS-DC00 rule Employee]
> > description=Employee Personal Device Registration
> > match=
> > action0=set_role=Employee
> > action1=set_access_duration=5D
> > condition0=uid,is member of,AllStaff
> >
> > [LCHS-DC00 rule DayStudents]
> > description=Non Residential Students
> > match=
> > action0=set_role=Day Student
> > action1=set_access_duration=5D
> > condition0=uid,is member of,DayStudents
> >
> > [LCHS-DC00 rule DormStudents]
> > description=Residential Students
> > match=
> > action0=set_role=Dorm Student
> > action1=set_unreg_date=2016-07-01
> > condition0=uid,is member of,ResStudents
> >
> > [LCHS-DC00 rule Guest]
> > description=Guest Users
> > match=all
> > action0=set_access_duration=12h
> > action1=set_role=guest
> >
> > Paul Taylor
> >
> > IT Support
> > Luther College High School

--
Krzysztof Adamski | Network Development | University Information Technology
010 Steacie Science and Engineering Library | York University | 4700 Keele St., Toronto ON Canada M3J 1P3
T: +1.416.736.2100 x22675 | F: +1.416.736.5830 | kad...@yo... | www.yorku.ca
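
A quick pre-deployment check for the rule problems discussed in this thread, given as an added example that is not part of any message above and is not PacketFence code: it flags rule sections with an empty match, rules with no conditions, and "is member of" conditions whose value is not a full DN. The function name lint_rules and the rule name EmployeeFixed are hypothetical, the sample is constructed from the sections quoted in the thread, and the checks are heuristics drawn from the working examples posted here, not PacketFence's own validation.

```python
import configparser

# Constructed sample modelled on the rule sections quoted in this thread.
SAMPLE = """
[LCHS-DC00 rule EmployeeDevReg]
match=
action0=set_role=EmployeeRegistration
condition0=sAMAccountName,equals,StaffRegistration

[LCHS-DC00 rule Employee]
match=any
action0=set_role=Employee
condition0=uid,is member of,AllStaff

[LCHS-DC00 rule EmployeeFixed]
match=any
action0=set_role=Employee
condition0=memberOf,is member of,CN=AllStaff,OU=Groups,DC=luthercollege,DC=edu

[LCHS-DC00 rule Guest]
match=all
action0=set_role=guest
"""

def lint_rules(text):
    """Return (section, finding) pairs for the rule problems seen in the thread."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if " rule " not in section:
            continue  # source definition such as [LCHS-DC00], not a rule
        rule = cp[section]
        conditions = [v for k, v in rule.items() if k.startswith("condition")]
        if rule.get("match", "") not in ("any", "all"):
            findings.append((section, "match is empty or invalid"))
        if not conditions:
            findings.append((section, "no conditions: acts as a catch-all"))
        for cond in conditions:
            _attr, op, value = cond.split(",", 2)
            if op == "is member of" and "=" not in value:
                findings.append((section, f"group '{value}' is not a full DN"))
    return findings

if __name__ == "__main__":
    for section, finding in lint_rules(SAMPLE):
        print(f"{section}: {finding}")
```

Findings from a check like this are only a first pass; pftest, as suggested in the thread, is the way to confirm how a given username actually resolves.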