From looking at that file you linked me to, the %username in my case is the
AzureAD deviceID of the machine, as that's what I have set the certificate
subject to: CN={{DeviceID}}.
That graph search is looking under users, so it won’t return any groups for my
device. It would just error out.
I imagine I could change that graph query in that file to one that searches
groups instead but would need to test.
Is there any planned support for device lookup?
Corey Keeling | Senior IT Technician
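An added example to test the idea above (it is not PacketFence code and not from either poster): it builds the device-keyed memberOf query from this thread next to the user-keyed one, and checks the returned groups against a condition given as either the group's object ID or its display name. The bearer token, and the GUIDs and group names in the sample response, are assumed or constructed.

```python
import json
import urllib.request
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def member_of_url(principal, kind):
    """memberOf URL for a 'user' (keyed by UPN, as the AzureAD source does) or a
    'device' (keyed by the Azure AD deviceId GUID placed in the certificate CN)."""
    if kind == "user":
        return f"{GRAPH}/users/{quote(principal, safe='@')}/memberOf"
    if kind == "device":
        return f"{GRAPH}/devices(deviceId='{quote(principal, safe='')}')/memberOf"
    raise ValueError(f"unknown principal kind: {kind}")

def fetch_member_of(url, token):
    """Live call. `token` is an assumed Graph bearer token for an app registration
    with group/device read permission. Follows @odata.nextLink: memberOf is paged,
    so a large membership would otherwise be silently truncated."""
    items = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            page = json.load(resp)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return {"value": items}

def matching_groups(member_of, wanted):
    """Groups in a memberOf response matching any entry of `wanted`, given as either
    the group object id or its displayName (case-insensitive). Directory roles and
    other non-group objects are skipped; an empty list is the 'no role assigned' case."""
    wanted = {w.casefold() for w in wanted}
    return [obj for obj in member_of.get("value", [])
            if obj.get("@odata.type") == "#microsoft.graph.group"
            and (obj.get("id", "").casefold() in wanted
                 or obj.get("displayName", "").casefold() in wanted)]

# Constructed sample shaped like a Graph memberOf response; GUIDs and names are made up.
SAMPLE_MEMBER_OF = {"value": [
    {"@odata.type": "#microsoft.graph.group", "id": "11111111-1111-1111-1111-111111111111",
     "displayName": "Curriculum Devices"},
    {"@odata.type": "#microsoft.graph.group", "id": "22222222-2222-2222-2222-222222222222",
     "displayName": "BYOD Users"},
    {"@odata.type": "#microsoft.graph.directoryRole", "id": "33333333-3333-3333-3333-333333333333",
     "displayName": "Global Administrator"},
]}

if __name__ == "__main__":
    print(member_of_url("00000000-0000-0000-0000-000000000001", "device"))
    print([g["displayName"] for g in matching_groups(SAMPLE_MEMBER_OF, ["Curriculum Devices"])])
```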
________________________________
From: Fabrice Durand <[email protected]>
Sent: Tuesday, October 31, 2023 6:06:11 PM
To: [email protected]
<[email protected]>
Cc: Corey Keeling (Shared Services - Staff) <[email protected]>
Subject: Re: [PacketFence-users] Query AzureAD Device Groups
If I am not wrong, the Azure AD tests the user and not the machine:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28
Regards
Fabrice
On Tue, 31 Oct 2023 at 13:23, Corey Keeling (Shared Services - Staff) via
PacketFence-users
<[email protected]<mailto:[email protected]>>
wrote:
Dear community,
I have been setting up and testing out PacketFence for a number of weeks now
and have it set up so that users can authenticate to our BYOD network using
EAP-TLS. I also have it sort of set up to allow school AzureAD devices to
connect to our curriculum network using machine certificates. The second part
only works if I don't set any conditions under my AzureAD authentication
sources.
I have tried to set a condition for membership of an AzureAD group using the
memberof option, either with the Object ID of the group or its display name,
but it doesn't seem to work. No role gets assigned, so it fails to connect.
There doesn't even seem to be any audit log of PacketFence trying to query a
group on the app registration end.
I know I can query the Graph API via Graph Explorer and can find the groups my
machine belongs to, but can PacketFence do something similar and if so, how?
The query that I used:
https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf<https://graph.microsoft.com/v1.0//devices(deviceId='%7B8df07f7e-d98e-4579-aa97-bfcfaaa7fe38%7D')/memberOf>
Regards
Corey Keeling | Senior IT Technician
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users