On 04/19/2013 11:41 AM, Fabrice DURAND wrote:
> Hello Jason,
> 
> in packetfence-tunnel file (for 802.1x) in the section authorize,
> use: update request { Tmp-String-0 := "EMPLOYEE" }

How would I handle multiple different groups?  We have EMPLOYEE, LAB,
ADMIN, etc...  Will something like this work?

switch Ldap-group {
        case "cn=employee,ou=groups,o=myorg" {
                update request {
                        Tmp-String-0 := "EMPLOYEE"
                }
        }
        case "cn=lab,ou=groups,o=myorg" {
                update request {
                        Tmp-String-0 := "LAB"
                }
        }
        # etc...
}

> Then in the request forwarded to packetfence in the file 
> /usr/local/pf/lib/pf/radius/custom.pm write your own authorize and
>  _parseRequest function (copy it from radius.pm) and you should see
>  _parseRequest($radius_request) this function must return a new
> attribute based on the radius attribute Tmp-String-0.

So essentially I should check $radius_request->{'Tmp-String-0'}, match
on the appropriate value, and then return a new attribute, $vlanname
maybe?  Just tack that on to the end of the existing return?

> So with this new attribute you should be able to set a category for
> the node and then associate a category to a vlan id (vlan/custom.pm
>  getNormalVlan)

And then the return from the previous will map here to the vlan I
need. Specifically, I'm looking to use the "name" of the vlan in
packetfence, so normalVlan, customVlan1, etc. ?

> Regards Fabrice

-- 
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
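Added example, not part of the original message and not PacketFence's shipped configuration: one way to write the multi-group mapping asked about above in FreeRADIUS unlang. It uses if/elsif because Ldap-Group is evaluated by the ldap module as a comparison rather than stored as a value in the request that switch could expand; the employee and lab DNs are the ones from the message, and the admin DN is an assumption modeled on them.

```unlang
# authorize section of packetfence-tunnel (added example).
# Assumes the ldap module is configured and loaded, so that the
# Ldap-Group comparison is available.
#
# Branches are tested top to bottom and the first match wins, so the
# order decides which role a user who belongs to several groups gets.
if (Ldap-Group == "cn=admin,ou=groups,o=myorg") {        # DN is an assumption
        update request {
                Tmp-String-0 := "ADMIN"
        }
}
elsif (Ldap-Group == "cn=employee,ou=groups,o=myorg") {
        update request {
                Tmp-String-0 := "EMPLOYEE"
        }
}
elsif (Ldap-Group == "cn=lab,ou=groups,o=myorg") {
        update request {
                Tmp-String-0 := "LAB"
        }
}
# No else branch: a user in none of these groups reaches PacketFence
# without Tmp-String-0, so the custom.pm code that reads it has to treat
# a missing value as "no category" instead of assuming a default role.
```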
