Olivier said:
> add something in pf::web::custom to categorize the node based on domain using
> a regexp on the username then modify pf::vlan::custom to return VLANs based
> on said categories
Actually, Inverse already did something very similar for me; they helped me make
the following change to my vlan::custom file:
    if (defined($user_name) && $user_name =~ /\@umhb/i) {
        return $switch->getVlanByName('customVlan1');
    } elsif (defined($user_name) && $user_name =~ /\@cru/i) {
        return $switch->getVlanByName('customVlan2');
    }
This should have the net effect of returning customVlan1 for my users in the
umhb.edu domain and customVlan2 for the users in my Cru domain. My problem is
that I don't seem to be getting that far. The user is accepted (right now the
user is accepted no matter what but I am looking into that) but for some reason
it doesn't seem like FR is telling PF that the user is good to go and to accept
them.
Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
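An added example, not part of the original message and not Inverse's or PacketFence's code: the patterns /\@umhb/i and /\@cru/i above are substring matches, so this sketch extracts the realm and looks it up exactly, printing both results side by side for a few constructed usernames. The helper name vlan_name_for_user, the lookup table, and the realm 'cru.example' (the post does not give the Cru domain's full name) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed realm-to-VLAN-name table. 'umhb.edu' is from the post; 'cru.example'
# is a placeholder, since the post does not give the Cru domain's full name.
my %VLAN_NAME_FOR_REALM = (
    'umhb.edu'    => 'customVlan1',
    'cru.example' => 'customVlan2',
);

# Hypothetical helper: return the VLAN name for a username, or undef when the
# username has no realm or the realm is not in the table, so the caller can
# fall through to its default VLAN logic.
sub vlan_name_for_user {
    my ($user_name) = @_;
    return undef unless defined $user_name;
    # Require exactly one '@' with a non-empty user part and realm.
    my ($realm) = $user_name =~ /\A[^@\s]+\@([^@\s]+)\z/;
    return undef unless defined $realm;
    # Exact, case-insensitive lookup of the whole realm.
    return $VLAN_NAME_FOR_REALM{ lc $realm };
}

# Constructed sample usernames: three expected forms, then three that the
# substring patterns and the exact lookup may treat differently.
for my $u ('jdoe@umhb.edu', 'JDoe@UMHB.EDU', 'asmith@cru.example',
           'jdoe@umhb.edu.example.net', 'jdoe@crunch.example', 'jdoe') {
    my $exact  = vlan_name_for_user($u) // 'default';
    my $substr = $u =~ /\@umhb/i ? 'customVlan1'
               : $u =~ /\@cru/i  ? 'customVlan2'
               :                   'default';
    printf "%-28s exact=%-12s substring=%s\n", $u, $exact, $substr;
}
```

In vlan::custom, a defined result would be passed to $switch->getVlanByName(...) as in the snippet above, and an undef result would fall through to the existing default logic.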
-----Original Message-----
From: Olivier Bilodeau [mailto:[email protected]]
Sent: Tuesday, May 17, 2011 9:08 AM
To: [email protected]
Subject: Re: [Packetfence-users] Trouble with RADIUS and Captive Portal auth
On 17/05/11 10:01 AM, Sallee, Stephen (Jake) wrote:
> I agree that if the users were on the local box authen::local would be the
> best choice, but all of my users are in our AD. What I need the captive
> portal to do is authenticate them against our AD and assign them a vlan based
> on the domain in the username.
AD authentication should be done with the authentication::ldap module.
I'm pretty sure it's covered in one of our guides.
Domain-based VLAN assignment will need a bit more work.
You could:
a) create several authenti...:ldap with one for each domain and there would be
a drop down available on the captive portal to choose the domain then you alter
the pf::web::custom to categorize the nodes properly then modify
pf::vlan::custom to return VLANs based on said categories
b)
- add something in pf::web::custom to categorize the node based on domain using
a regexp on the username then modify pf::vlan::custom to return VLANs based on
said categories
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc.
:: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users