Hi guys, I would like know where I can set on packetfence a single login for each user created by self registration. Using demouser I notice that I can use different device with the same credential.
Thanks in advance for your help -----Messaggio originale----- Da: Francois Gaudreault [mailto:[email protected]] Inviato: martedì 4 settembre 2012 19:36 A: [email protected] Oggetto: Re: [PacketFence-users] Dealing with rogue hubs Hi Rich, > > One thing for which I'm not adequately prepared is the person who brings a > switch or a wireless router in bridging (versus NAT) mode. If the bridge > chooses to participate in spanning tree, then BPDUGuard will shut them down; > but if they don't, then what I observe is rapid cycling among the various > MACs on the port. First, this is something we have been asked many times, but I do not have a fully working workaround using port-security. With MAB/802.1X, you have more options. > > I isolated a few by grepping the log: > > egrep ' pfsetvlan.+ INFO: authorizing .+ at new location ' > ~pf/logs/packetfence.log|perl -pe 's/.+at new location //'|sort|uniq -c|sort > -rn|head -33 > > Then I put them in violation state. This doesn't stop the flapping, but > hopefully it gives them a chance to see what's going on and fix it. Is there > a better way to handle this? Using MAB and multi-domain (or single host) could put the port into err-disabled if multiple macs are seen in the "data" domain/vlan. Using syslog, you could be alerted. > > I don't think I want to set trap_limit because it would deny new connections > to any user of a switch where one user is misbehaving. True, but still, all the person currently authorized would stay authorized. Just the new ones would be impacted. Thanks! > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ----- Nessun virus nel messaggio. Controllato da AVG - www.avg.com Versione: 2012.0.2197 / Database dei virus: 2437/5249 - Data di rilascio: 04/09/2012 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
