From: Fabrice D. <fd...@in...> - 2017-10-18 15:23:02
|
Hello Cristian, It is but because the supplicant send DOMAIN\Username and the portal use the sAMAccountName. The solution could be to use another attribute that contain the DOMAIN\Username but i am not sure it exist on the active directory and i am not sure that user will be happy to fill DOMAIN\Username on the portal. We talked about that internally and we will probably play with the realm / username to detect that the user is the same and don't try to add twice the same user. Regards Fabrice Le 2017-10-18 à 10:53, Cristian Mammoli via PacketFence-users a écrit : > Hi, sorry to dig this up... Could someone please explain if this > behaviour is expected or not? > > Thank you > > Il 02/08/2017 17:59, Cristian Mammoli via PacketFence-users ha scritto: >> Of course I checked "Use stripped username" and added "strip to the >> realm option. >> >> Il 02/08/2017 15:26, Cristian Mammoli via PacketFence-users ha scritto: >>> Hi, in my POC I'm trying the following setup: >>> If a computer does not support 802.1x should be presented with the >>> captive portal where the user can register the device, access the >>> production network and join the domain >>> Once joined 802.1x is configured and enabled via GPO. >>> With 802.1x enabled the user should not be presented with the portal >>> and the device should be autoregistered >>> >>> The problem is that if I register the device with the portal the >>> username format is just "username". If I autoregister a 802.1x >>> capable device the user format is DOMAIN\username. A s I consequence >>> I have "duplicate" usernames >>> >>> Furthermore the powershell scripts specified in the "Active >>> Directory Integration" section of the admin guide try to deregister >>> devices owned by "user", not "DOMAIN\user" >>> >>> [gruppoapra-macauth] >>> filter_match_style=all >>> locale= >>> filter=connection_type:WIRED_MAC_AUTH,switch_group:switch-jesi-accesso >>> description=Gruppo Apra MAC Authentication >>> sources=gruppoapra-auth,email,sponsor,sms >>> redirecturl=http://www.apra.it/ >>> logo=/common/logo_apra.jpg >>> root_module=apra_root_portal_policy >>> >>> [gruppoapra-dot1x] >>> filter_match_style=all >>> locale= >>> filter=switch_group:switch-jesi-accesso,connection_type:Ethernet-EAP >>> description=Gruppo Apra 802.1x >>> sources=gruppoapra-auth >>> reuse_dot1x_credentials=enabled >>> autoregister=enabled >>> redirecturl=http://www.apra.it/ >>> logo=/common/logo_apra.jpg >>> root_module=apra_root_portal_policy >>> >>> >> > -- Fabrice Durand fd...@in... :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) |