If I am not wrong, Azure AD tests the user and not the machine:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28

Regards
Fabrice

On Tue, 31 Oct 2023 at 13:23, Corey Keeling (Shared Services - Staff) via PacketFence-users <[email protected]> wrote:

> Dear community,
>
> I have been setting up and testing out PacketFence for a number of weeks
> now and have it set up so that users can authenticate to our BYOD network
> using EAP-TLS. I also have it sort of set up to allow school AzureAD devices
> to connect to our curriculum network using machine certificates. The second
> part only works if I don't set any conditions under my AzureAD
> authentication sources.
>
> I have tried to set a condition for membership of an AzureAD group using
> the memberof option either with the Object ID of the group or its display
> name, but it doesn't seem to work. No role gets assigned so it fails to
> connect. There doesn't even seem to be any audit log of PacketFence trying
> to query a group on the app registration end.
>
> I know I can query the graph API via graph explorer and can find the
> groups my machine belongs to, but can PacketFence do something similar and
> if so, how?
>
> The query that I used.
>
> https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf
> <https://graph.microsoft.com/v1.0//devices(deviceId='%7B8df07f7e-d98e-4579-aa97-bfcfaaa7fe38%7D')/memberOf>
>
> Regards
>
> *Corey Keeling *| *Senior IT Technician*
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
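The device group lookup from the question, as an added example that is not part of the thread and is not PacketFence code: it evaluates a Microsoft Graph device `memberOf` response against a required group, following paging and ignoring non-group objects. The function names, the injected `fetch` callable and the sample responses are assumptions constructed for illustration.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def member_of_url(device_id):
    # Same query as in the question: the device is addressed by its deviceId key.
    return f"{GRAPH}/devices(deviceId='{quote(device_id, safe='')}')/memberOf"

def device_in_group(device_id, wanted, fetch):
    """True if the device is a direct member of group `wanted`, matched on
    object id or display name. `fetch(url)` (hypothetical) returns parsed JSON
    and is expected to raise on HTTP errors, so a failed lookup never grants."""
    wanted = wanted.casefold()
    url = member_of_url(device_id)
    while url:
        page = fetch(url)
        for obj in page.get("value", []):
            if obj.get("@odata.type") != "#microsoft.graph.group":
                continue  # memberOf can also return administrative units
            # Display names are not unique in a tenant; the object id is the
            # safer condition for an access decision.
            names = (obj.get("id") or "", obj.get("displayName") or "")
            if wanted in (n.casefold() for n in names):
                return True
        url = page.get("@odata.nextLink")  # results may span several pages
    return False

# Constructed sample data: a two-page response for a made-up device id.
SAMPLE_DEVICE = "00000000-0000-0000-0000-000000000001"
NEXT_PAGE = GRAPH + "/constructed-next-page"
PAGES = {
    member_of_url(SAMPLE_DEVICE): {
        "value": [{"@odata.type": "#microsoft.graph.administrativeUnit",
                   "id": "au-1", "displayName": "Campus AU"}],
        "@odata.nextLink": NEXT_PAGE,
    },
    NEXT_PAGE: {
        "value": [{"@odata.type": "#microsoft.graph.group",
                   "id": "g-42", "displayName": "Curriculum Devices"}],
    },
}

def fake_fetch(url):
    # Stands in for an authenticated GET against Graph; raises KeyError on unknown URLs.
    return PAGES[url]

if __name__ == "__main__":
    print(device_in_group(SAMPLE_DEVICE, "g-42", fake_fetch))
```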
