List: packetfence-users
Subject: Re: [PacketFence-users] (no subject)
From: Geert Heremans via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date: 2024-04-30 7:40:47
Message-ID: CAG8XooucpXaWKVX5QyuBqSoKPm-5h5Kmibxpau=FqTJtzXt+Kw () mail ! gmail ! com
Got a little further today.
We are using a Hybrid system. So we still have a local AD which syncs with
Entra ID. I've noticed that I can't use security groups that were created
on the Domain Controller and synced to our Intune tenant.
If I use groups that were created on Entra in Azure it works.
Is this the expected behavior?
Best regards
Geert
On Mon, 29 Apr 2024 at 16:32, Geert Heremans via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
> Hello
>
> I've set up an Authentication Source connected to our Intune tenant. It's
> possible to check the credentials of users against this tenant.
>
> When I try to set up an authentication rule using the "memberof " property
> (trying to check if user is member of a specific group) it fails. The
> username and password
> are validated but PacketFence doesn't see if the user is part of the group.
>
> I've tried using both the Groups member-id value and the normal name of the
> group. I've also tried both "contains" and "equals" as parameter.
>
> Where can I start to diagnose the problem? Anyone else had this problem?
>
> I've noticed the following in the API Audit screen:
>
> "user_groups_url": "
> https://graph.microsoft.com/v1.0/users/%!U(MISSING)SERNAME/memberOf"
>
> Is there something wrong with the URL?
>
> The users group URL in the authentication source is:
> https://graph.microsoft.com/v1.0/users/%USERNAME/memberOf
>
>
> Best regards
> Geert
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
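The `%!U(MISSING)` text quoted from the API Audit screen is what Go's `fmt` package prints when a string containing `%U` is used as the format string with no operand. The sketch below is an added example, not PacketFence code and not part of the original message; it assumes the audit entry is rendered that way, and `auditUnsafe`, `auditSafe` and `expandUserGroupsURL` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// "Users group URL" value as quoted in the message.
const userGroupsURL = "https://graph.microsoft.com/v1.0/users/%USERNAME/memberOf"

// sprintf holds fmt.Sprintf as a func value so this sample builds cleanly
// under go vet, which flags the same misuse when the call is direct.
var sprintf = fmt.Sprintf

// auditUnsafe uses the configured value as part of the format string.
// fmt parses "%U" as a verb, finds no operand and writes "%!U(MISSING)".
func auditUnsafe(v string) string {
	return sprintf(`"user_groups_url": "` + v + `"`)
}

// auditSafe passes the value as an operand of %s, so any '%' in it is
// copied through unchanged.
func auditSafe(v string) string {
	return sprintf(`"user_groups_url": "%s"`, v)
}

// expandUserGroupsURL replaces the literal %USERNAME placeholder and
// path-escapes the user name so it stays a single URL path segment.
func expandUserGroupsURL(tmpl, username string) string {
	return strings.ReplaceAll(tmpl, "%USERNAME", url.PathEscape(username))
}

func main() {
	fmt.Println(auditUnsafe(userGroupsURL))
	fmt.Println(auditSafe(userGroupsURL))
	// Constructed sample user name, not taken from the thread.
	fmt.Println(expandUserGroupsURL(userGroupsURL, "j.doe@example.com"))
}
```

If the audit view is produced as in `auditUnsafe`, the mangled string is a display artifact and does not by itself show which URL was requested from Graph.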