Antonio,

> When a client associates to the AP, the controller uses PF as the RADIUS
> server. It checks for the MAC, when it is not registered, PF returns the
> Registration VLAN attribute, and the controller puts that client into the
> registration subnet. PF poisons the DNS, and all the http requests get
> redirected to the Registration page. So far so good?

That's correct.

> Now, let's say you need to have MAC auth and username/password
> authentication. A registered client logs on. When the controller sends
> the RADIUS request, PF sees that the node is registered and puts them in
> the Registered VLAN. What about if now you want to send these users to a
> captive portal to authenticate username/passwords after the MAC auth? How
> are they moved from that "Registered" VLAN after MAC auth, to a VLAN with
> access to the network and out to the internet after they authenticate with
> username/password?

How it works is: when the user is NOT registered, RADIUS will return the registration VLAN to the controller. Now, the only thing the user will be able to do is to hit the captive portal. At this point, the user needs to enter valid credentials to register its node. When the user successfully enters the credentials, PF will send a de-association call via SNMP to the controller, forcing the client to re-associate with the AP. When the node reconnects, RADIUS will see that the device is registered, and will return your production (or normal) VLAN.

I hope this helps.

Francois Gaudreault
Inverse Inc.

_______________________________________________
Packetfence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
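
The flow described in the reply above, as an added Python model that is not part of the original message and is not PacketFence code. The VLAN ids, class and method names, MAC address and credentials are constructed, and the model assumes the controller only asks RADIUS for a VLAN at association time, which is why a successful portal login without the de-association leaves the node in the registration VLAN.

```python
# Toy model of the registration flow; not PacketFence code.
# VLAN ids, names, MAC and credentials below are constructed for illustration.
REGISTRATION_VLAN, PRODUCTION_VLAN = 10, 20

class Controller:
    """Wireless controller: asks RADIUS for a VLAN only when a client associates."""
    def __init__(self):
        self.policy = None
        self.vlan_of = {}  # MAC -> VLAN of the current association

    def associate(self, mac):
        self.vlan_of[mac] = self.policy.radius_authorize(mac)
        return self.vlan_of[mac]

    def deassociate(self, mac):
        # Model assumption: the kicked client re-associates right away.
        self.vlan_of.pop(mac, None)
        return self.associate(mac)

class PolicyServer:
    """Stands in for PF: MAC-based RADIUS decision plus captive-portal login."""
    def __init__(self, controller, credentials):
        self.controller, self.credentials = controller, credentials
        self.registered = set()
        controller.policy = self

    def radius_authorize(self, mac):
        return PRODUCTION_VLAN if mac in self.registered else REGISTRATION_VLAN

    def portal_login(self, mac, user, password, kick=True):
        if self.credentials.get(user) != password:
            return False  # node stays unregistered
        self.registered.add(mac)
        if kick:  # the de-association call the message describes
            self.controller.deassociate(mac)
        return True

def run_flow(password, kick=True):
    """Return the client's VLAN after first association and after portal login."""
    ctrl = Controller()
    pf = PolicyServer(ctrl, {"alice": "correct horse"})
    mac = "00:11:22:33:44:55"
    first = ctrl.associate(mac)
    pf.portal_login(mac, "alice", password, kick)
    return first, ctrl.vlan_of[mac]

if __name__ == "__main__":
    for args in (("correct horse",), ("correct horse", False), ("wrong",)):
        print(args, run_flow(*args))
```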
