Re: [PacketFence-users] Username format for portal and automatically registered devices

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello Cristian,

It is but because the supplicant send DOMAIN\Username and the portal use
the sAMAccountName.

The solution could be to use another attribute that contain the
DOMAIN\Username but i am not sure it exist on the active directory and i
am not sure that user will be happy to fill DOMAIN\Username on the portal.

We talked about that internally and we will probably play with the realm
/ username to detect that the user is the same and don't try to add
twice the same user.

Regards

Fabrice

Le 2017-10-18 à 10:53, Cristian Mammoli via PacketFence-users a écrit :
> Hi, sorry to dig this up... Could someone please explain if this
> behaviour is expected or not?
>
> Thank you
>
> Il 02/08/2017 17:59, Cristian Mammoli via PacketFence-users ha scritto:
>> Of course I checked "Use stripped username" and added "strip to the
>> realm option.
>>
>> Il 02/08/2017 15:26, Cristian Mammoli via PacketFence-users ha scritto:
>>> Hi, in my POC I'm trying the following setup:
>>> If a computer does not support 802.1x should be presented with the
>>> captive portal where the user can register the device, access the
>>> production network and join the domain
>>> Once joined 802.1x is configured and enabled via GPO.
>>> With 802.1x enabled the user should not be presented with the portal
>>> and the device should be autoregistered
>>>
>>> The problem is that if I register the device with the portal the
>>> username format is just "username". If I autoregister a 802.1x
>>> capable device the user format is DOMAIN\username. A s I consequence
>>> I have "duplicate" usernames
>>>
>>> Furthermore the powershell scripts specified in the "Active
>>> Directory Integration" section of the admin guide try to deregister
>>> devices owned by "user", not "DOMAIN\user"
>>>
>>> [gruppoapra-macauth]
>>> filter_match_style=all
>>> locale=
>>> filter=connection_type:WIRED_MAC_AUTH,switch_group:switch-jesi-accesso
>>> description=Gruppo Apra MAC Authentication
>>> sources=gruppoapra-auth,email,sponsor,sms
>>> redirecturl=http://www.apra.it/
>>> logo=/common/logo_apra.jpg
>>> root_module=apra_root_portal_policy
>>>
>>> [gruppoapra-dot1x]
>>> filter_match_style=all
>>> locale=
>>> filter=switch_group:switch-jesi-accesso,connection_type:Ethernet-EAP
>>> description=Gruppo Apra 802.1x
>>> sources=gruppoapra-auth
>>> reuse_dot1x_credentials=enabled
>>> autoregister=enabled
>>> redirecturl=http://www.apra.it/
>>> logo=/common/logo_apra.jpg
>>> root_module=apra_root_portal_policy
>>>
>>>
>>
>

-- 
Fabrice Durand
fd...@in... ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) 