Hello Jason,
In the packetfence-tunnel file (for 802.1x), in the authorize section, use:
update request {
    Tmp-String-0 := "EMPLOYEE"
}
Then, for the request forwarded to PacketFence, in the file
/usr/local/pf/lib/pf/radius/custom.pm, write your own authorize and
_parseRequest function (copy it from radius.pm). You should see
_parseRequest($radius_request); this function must return a new attribute
based on the RADIUS attribute Tmp-String-0.
With this new attribute you should be able to set a category for the
node and then associate the category with a VLAN ID (vlan/custom.pm
getNormalVlan).
Regards
Fabrice
Le 2013-04-19 11:24, Jason 'XenoPhage' Frisvold a écrit :
> Hi there,
>
> I'm *almost* there with my packetfence implementation. At least,
> phase 1 .. I have RADIUS talking to LDAP now. The 802.1x user is
> passed to the ldap browser account, the full DN is returned, and then
> the user account is verified. The problem I'm having right now is
> that despite having a correct login, packetfence is still denying the
> user.
>
> I believe I still need just a bit more configuration in RADIUS to
> make this work. Specifically, my LDAP users are group members, and
> I'd like to have packetfence put the user into a specific VLAN based
> on group membership. I do this for our VPN concentrator by placing
> the group information into the RADIUS users file, something like this :
>
> DEFAULT Ldap-Group == "cn=employee,ou=groups,o=myorg"
> Class = EMPLOYEE
>
> EMPLOYEE is the name of the VLAN, which the VPN concentrator maps to
> a specific IP Pool for users. I can easily do this in RADIUS for
> packetfence, but I'm not sure how to map the class to the vlan on the
> packetfence side. Can someone please point me in the right direction?
>
> Thanks,
>
> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> [email protected]
> ---------------------------
>
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
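The flow described in the reply above, as an added example that is not PacketFence or FreeRADIUS code: the LDAP group decision is carried in Tmp-String-0, read back as a category, and the category is mapped to a VLAN ID, with a missing or unknown value falling back to a restricted VLAN. The sub names, the hash layout, the VLAN numbers and the CONTRACTOR entries are assumptions; only Tmp-String-0, EMPLOYEE and the employee group DN come from the thread.

```perl
# Added illustration, not PacketFence/FreeRADIUS code; all sub names are hypothetical.
use strict; use warnings;

# FreeRADIUS side (simulated): first matching LDAP group DN -> Tmp-String-0.
my @GROUP_TO_CATEGORY = (
    [ 'cn=employee,ou=groups,o=myorg'   => 'EMPLOYEE' ],
    [ 'cn=contractor,ou=groups,o=myorg' => 'CONTRACTOR' ],   # constructed
);
# PacketFence side (simulated): category -> VLAN id, constructed numbers.
my %VLAN_FOR_CATEGORY = ( EMPLOYEE => 10, CONTRACTOR => 20 );
my $FALLBACK_VLAN     = 999;    # restricted VLAN for anything unrecognised

# Mimics "update request { Tmp-String-0 := ... }" in the authorize section.
sub tag_request {
    my ($request, @group_dns) = @_;
    my %member = map { $_ => 1 } @group_dns;
    for my $rule (@GROUP_TO_CATEGORY) {
        my ($dn, $category) = @$rule;
        next unless $member{$dn};
        $request->{'Tmp-String-0'} = $category;
        last;
    }
    return $request;
}

# Mimics the extra value a customised _parseRequest would hand back.
sub category_from_request {
    my ($request) = @_;
    my $value = $request->{'Tmp-String-0'};
    return unless defined $value && $value =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    return $value;
}

# Mimics the category -> VLAN decision; missing or unknown fails closed.
sub vlan_for_category {
    my ($category) = @_;
    return $FALLBACK_VLAN unless defined $category;
    return $VLAN_FOR_CATEGORY{$category} // $FALLBACK_VLAN;
}

my %users = (    # constructed sample users and group memberships
    alice => ['cn=employee,ou=groups,o=myorg'],
    bob   => ['cn=printers,ou=groups,o=myorg'],
);
for my $user (sort keys %users) {
    my $req = tag_request({ 'User-Name' => $user }, @{ $users{$user} });
    my $cat = category_from_request($req);
    printf "%s: category=%s vlan=%d\n", $user, $cat // '(none)', vlan_for_category($cat);
}
```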