Thank you, Andrew. This is exactly what I tried when Ludovic replied to me and showed his rule, but initially I couldn’t add a rule with an empty condition.
I then deleted the source and recreated it with a rule looking like this, i.e. no condition and a simple REJECT at the top. Will test it tomorrow from the office.

From: Andrew Jones via PacketFence-users <[email protected]>
Sent: Monday, November 08, 2021 7:27 PM
To: [email protected]
Cc: Andrew Jones <[email protected]>
Subject: Re: [PacketFence-users] AD user group in the authentication source

On 2021-11-09 09:46, E.P. via PacketFence-users wrote:

Hello,

Trying to reach out again in the attempt to get some ideas or insights. My problems are still the same with conditions in the authentication source.

Problem number one: I want to have an authentication rule that looks like this (Non-Staff-WiFi)

PF doesn’t like “not_equals” operand

Problem number two: If I have only one authentication rule, i.e. Staff-WiFi as shown above, any user who successfully authenticates but is not a member of the said AD group still gets access and is assigned the Staff-WiFi role

Eugene

Hi Eugene,

not_equals doesn't seem to make sense in the context of checking whether a user is a member of a group, because it's not a 1:1 relationship. Can't you simply leave the condition empty (keep the rule, but remove the group check) for the second rule, and make it a catch-all that way? My understanding is that the first match wins and processing stops.

Andrew
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
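
Added example, not part of the original thread and not PacketFence code: a simplified Python model of the rule ordering discussed above, showing why a per-value not_equals test on a multi-valued attribute misclassifies group members while an empty-condition rule placed second works as a catch-all. The first-match and per-value semantics are assumptions taken from the discussion, and the DNs and sample users are constructed.

```python
# Simplified model of ordered authentication rules; not PacketFence code.
# Assumptions: rules run top to bottom, the first match wins, and a rule
# with no conditions matches every user who reaches it.

STAFF = "CN=Staff-WiFi,OU=Groups,DC=example,DC=com"    # constructed DN
USERS = "CN=Domain Users,CN=Users,DC=example,DC=com"   # constructed DN


def holds(values, op, wanted):
    """Test one condition against a multi-valued attribute such as memberOf."""
    same = [v.lower() == wanted.lower() for v in values]
    if op == "equals":
        return any(same)                    # some value is the group
    if op == "not_equals":
        # Assumed per-value negation: true as soon as ONE value differs,
        # which is the case for almost every user with several groups.
        return any(not s for s in same)
    raise ValueError(f"unknown operator {op!r}")


def first_match(rules, attrs):
    """Return the name of the first rule whose conditions all hold, else None."""
    for name, conditions in rules:
        # all() over an empty list is True, so an empty rule is a catch-all.
        if all(holds(attrs.get(a, []), op, val) for a, op, val in conditions):
            return name
    return None


# The suggestion in the thread: group check first, empty-condition rule second.
ORDERED = [("Staff-WiFi", [("memberOf", "equals", STAFF)]),
           ("Non-Staff-WiFi", [])]
# The rule from problem one, evaluated per value.
NEGATED = [("Non-Staff-WiFi", [("memberOf", "not_equals", STAFF)]),
           ("Staff-WiFi", [("memberOf", "equals", STAFF)])]

staff_user = {"memberOf": [USERS, STAFF]}   # constructed sample users
other_user = {"memberOf": [USERS]}

if __name__ == "__main__":
    for label, rules in (("ordered", ORDERED), ("negated", NEGATED)):
        for who, attrs in (("staff", staff_user), ("other", other_user)):
            print(label, who, "->", first_match(rules, attrs))
```

In this model, putting the catch-all above the group rule shadows it completely, so rule order is the thing to verify after recreating the source.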
