Hi, I work for a local government authority in the uk and we are trying to develop a simple BYOD solution for our schools. We have an almost complete prototype built using PacketFence 3.x but we were interested in some of the new features in PF4 and so we developed a parallel system to test it out. For the prototypes, we have been concentrating only on an inline enforced system. We plan to look at VLAN enforcement in the future.
Active Directory integration is a must for our system as is guest access and we really like the guest sponsorship model which can be used to authorise guests but have had some trouble getting it to work correctly in PF4 - hopefully someone can offer us some advice. The structure of our system is a little unusual because of its nature. I have replaced our real domain names with examples which should illustrate our structure. Our internal users have email address such as [email protected] and so we set up our PacketFence server on a domain1.org domain. Our active directory domain is different to our email domain and is in the format subdomainB.subdomainA.domain2.org (notice the domain2 not domain1). Our admin users sit in the AD domain subdomainA.domain2.org. We have PacketFence (both versions) working brilliantly with our active directory structure but the guest sponsorship is causing us problems. Whenever a user attempts to register for guest access and enters [email protected] as the sponsorship email, they are informed that this user is not allowed to sponsor access. This was easily remedied in PF3.x by executing the following command on the PF server: htpasswd -d /usr/local/pf/conf/user.conf admin in conjunction with setting the sponsor_authentication=guest_managers setting in our pf.conf However, this does not work on PF4 and adding the sponsor_authentication line to pf.conf causes errors. I have tried configuring roles in PF4 with actions of 'mark as sponsor' and it doesn't seem to do anything. In addition to this, on the configuration -> portal profiles -> default page, guest sponsorship does not seem to be an option in the 'modes' box - we have had to add it in the pf.conf manually. Could you give me a quick rundown of how the new user roles and sources work with guest management and sponsorship to see if we are doing something wrong or are these features not available or functioning in PF4? We would really like to use v4 but at the moment we are forced to revert to 3.x. Also, where has the guest management portal gone in PF4? This was useful as we could allow certain users to only manage guests and not the portal itself. Is there an equivalent in PF4? I have included a censored version of our pf.conf below: [general] domain=domain1.org hostname=portal dnsservers=192.168.3.5,192.168.3.6 dhcpservers=127.0.0.1,192.168.3.5,192.168.3.6 timezone=Europe/London [trapping] passthrough=proxy redirecturl=http://start.domain1.org [guests_self_registration] mandatory_fields=firstname,lastname,email,sponsor_email [email protected] [passthroughs] AppleWifi=http://www.apple.com/library/test/success.html [alerting] [email protected] fromaddr=PacketFence<[email protected]> smtpserver=192.168.3.113 [database] pass=password [interface eth0] ip=192.168.3.199 type=management mask=255.255.252.0 [interface eth1] enforcement=inline ip=192.168.64.4 type=internal mask=255.255.252.0= ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
