Hello Mathieu, The user AD source does a look up on samAccountName and the computer source does a look up with ServicePrincipalName those are two different things. You can match one at the time meaning:
Computer login on the domain = Computer authentication User login on the domain = User authentication The 802.1x supplicant needs to be configured to do both authentication. Here what I advise you to do: Create one AD source with principal attribute = samAccountname then add search attribute = ServicePrincipalName. Then create a rule name computerAuth that does a look up on condition servicePrincipalname start with host/, assign a computer role. Create another rule for example to match on your user like memberof equals DISTINGUISHEDNAME-OF-A-GROUP return role Staff. So with one source you could match users and computers. Make sure the device engages Computer Auth AND user authentication when the user logs in. Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jan 18, 2022, at 4:17 AM, Mathieu Valois via PacketFence-users > <[email protected]> wrote: > > Hello, > > I would like to authenticate both machine and user using an AD authentication > source. I've made 2 authentication sources: one for machine and one for > users, following the installation guide. > > In the Standard Connection Profiles I've set the both sources and used an ALL > (AND) operator. However it looks like only the first matching source is used. > > Is it expected? > > Thank you for your help, > > -- > <MDdkJhLo6CgYFu8x.png> > <https://urldefense.com/v3/__https://www.teicee.com/?pk_campaign=Email__;!!GjvTz_vk!Gk6qQsfJSQEo7SbSOBPX5DfTSZ1QK2T69A58mvR_NODUgY-2cNJsJm-_VKECDYWT$> > Mathieu Valois > Bureau Caen: Quartier Kœnig - 153, rue Géraldine MOCK - 14760 > Bretteville-sur-Odon > Bureau Vitré: Zone de la baratière - 12, route de Domalain - 35500 Vitré > 02 72 34 13 20 | www.teicee.com > <https://urldefense.com/v3/__https://www.teicee.com/?pk_campaign=Email__;!!GjvTz_vk!Gk6qQsfJSQEo7SbSOBPX5DfTSZ1QK2T69A58mvR_NODUgY-2cNJsJm-_VKECDYWT$><zXQgUtk0rgAZZaFb.png> > > <https://urldefense.com/v3/__https://www.facebook.com/teicee__;!!GjvTz_vk!Gk6qQsfJSQEo7SbSOBPX5DfTSZ1QK2T69A58mvR_NODUgY-2cNJsJm-_VEPyuRvg$> > <hURYnnFL0yTTPX0a.png> > <https://urldefense.com/v3/__https://twitter.com/Teicee_fr__;!!GjvTz_vk!Gk6qQsfJSQEo7SbSOBPX5DfTSZ1QK2T69A58mvR_NODUgY-2cNJsJm-_VNwFeith$><0PehPQD0bSJrXsPX.png> > > <https://urldefense.com/v3/__https://www.linkedin.com/company/t-c-e__;!!GjvTz_vk!Gk6qQsfJSQEo7SbSOBPX5DfTSZ1QK2T69A58mvR_NODUgY-2cNJsJm-_VIq-SVFI$> > <l5R9ar0Nx6hgxZtC.png> > <https://urldefense.com/v3/__https://fr.viadeo.com/fr/company/teicee__;!!GjvTz_vk!Gk6qQsfJSQEo7SbSOBPX5DfTSZ1QK2T69A58mvR_NODUgY-2cNJsJm-_VBaz58ef$> > <FXBh0PLSKkZ8pPLJ.png> > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!Gk6qQsfJSQEo7SbSOBPX5DfTSZ1QK2T69A58mvR_NODUgY-2cNJsJm-_VCvC0oea$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
