Hello All,

I am trying to set up a network for some offices for community training. We have about 8 rooms; 5 are to be used for training labs and 3 for offices. Currently, we have managed to get a few (4) old Cisco 2960 48-port switches and some Unifi AP AC PRO. We have OPNsense set up as our firewall/router and a Zimbra server, which comes with LDAP. I currently have PacketFence installed and running fine, yet to be fully configured for anything. I have read the documentation very well and seen that all the devices we have available are currently supported. However, I have some questions and would like to hear from the community about them, so I can manage my expectations or know what to do.
1. I need to set up a captive portal with the following requirements.

   a. A profile for instructors, who authenticate with Zimbra LDAP credentials - 12-hour session expiry in a specific

   b. Students/community members authenticate with unique tokens which can expire in 5 hours on days of training. For example, each student in the Python community/class can use a generated token or ID sent to their email to authenticate. But we want to do the registration from our end, so they only enter the token provided or use their email that we have enrolled in PacketFence to authenticate. So not just anybody can authenticate with their email. Once they do, they are assigned a profile that works for a specific time and days in the week, Tuesdays and Fridays in this case. They are also placed in a VLAN for the physical lab they are working in, like VLAN 300 for lab 3.

   c. A guest profile for guests to log in with a token we generate for them.

2. Is it advisable to run my Unifi controller / Network Application on the same box as PacketFence? I know I would need to make some changes to the ports of Unifi and the iptables rules, but I just want to know if it's a good practice.

3. I currently have all our network devices on VLAN 1000 as a management network. Would that be a problem for PacketFence, especially working with the Unifi Network Application and the access points? With this, is it better to enrol the Unifi devices using MAC address rather than IP, as the documentation mentions it is possible with either?

4. Will I end up with different captive portals for each portal scenario/profile, or 1 captive portal with different options for authentication? Or a different SSID for each auth profile?

Any information, suggestions or experience shared would be greatly appreciated.

Warm regards,
Rexford A. Nyarko.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
