Are you referring to Radius COA? from what it seems, no... it looks like you're talking about AD COA.. meaning, when the user changes AD groups you'd want him to automatically change state?
Right now I think the only option would be some sort of script.. that performs the group membership change on AD and then, using the PF APIs, looks up the user's devices and triggers a "reevaluate access" On Mon, Nov 20, 2023 at 11:09 AM Giuliano Da Dalt via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: > > Good morning, we are looking for the solution to this case. > Currently, to block students' internet browsing from personal devices, we use > a Captive Portal. > This technology is no longer applicable as complete segregation of the device > from any client, even the internal network, is a problem. > We know that white-listing can be done but it is no longer sufficient, > especially in the case of external services. > Our idea is to use VLANs: one that allows complete internet access, the other > with internet access but with very limited bandwidth (this way push > notifications, RMM and updates continue to work). > To switch from one VLAN to another we want to use the COA feature. > > We did several tests with our Ruckus APs and PacketFence. > We are very close to our goal, but 1% missing. > If we disconnect and reconnect client COA works like a charm. > We were therefore not able to obtain the same result when the client is > already connected beacuse we don't find a way to make PacketFence check > regularly if a user status changes (AD group change). > > Giuliano Da Dalt > Ufficio informatico - Bearzi > Tel. 0432-493983 > Int. 983 > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
