Ritter, Nicholas wrote:
> I hope I didn't come off as critical or bashing in my initial post. I agree
> that PacketFence is wonderful and worth every effort to support as well as
> implement. I have had tremendous success with it.

Nope.. All is good.

> I am finding it a bit difficult to separate out the configuration of the web
> interface and user permissions/authentication that are specific to
> administrating PacketFence from the same topics for end-user registration. We
> currently implement PacketFence v2 and we intentionally don't operate it with
> end-users registering devices. We have IS staff log in to the Web admin UI
> and register devices. We are changing this setup a bit as well as
> implementing the snort and openvas integrations. We will need to have an LDAP
> authentication for the Web-based administration that looks at a specific
> MemberOf association, and the end-user registration would not need the
> MemberOf association.

The same rules and sources for end-users can be used for admin access to the PF interface. Just have the rule set the access level to all. And, of course, make sure end-users don't get caught by that rule.. :)

Also be aware that you can't currently add new nodes to PF via the web interface. There's a bug open on this that I'm hoping gets implemented sometime soon.. *COUGH*INVERSE HINT*COUGH*

> Regarding the rules creation in the user sources, there were no entries in
> the log at all. The rule shows up after creating it, but if I hit save, go
> back to user sources the rule is gone. I was intending to use the rules in
> the user source area for assigning privileges to users who need to access the
> management interface of PF, which may not be the right place to do that. In
> PF v2, I had to manage the user authentication and privilege system for the
> admin interface in a separate place than the registration portal. Is this
> still the case?

Nope, same place now. Not sure what's causing the rules to vanish, though.. that seems odd.

> I see the config files in /usr/local/pf/conf, but I am nervous about
> editing them because I don't know which will get overwritten by some part of
> the PF UI.

Most of them get overwritten. BUT.. If you edit via the command line and then make changes in the GUI sometime later, it's usually ok. The GUI reads the files and changes are reflected in the GUI.

> Also, if I edit the /usr/local/pf/conf/iptables.conf to add some rules, what
> is the best way to commit the changes. Doing a "service iptables restart (or
> reload)" would load the rules in /etc/sysconfig/iptables. I could edit the
> centos-boxed init script to point to /usr/local/pf/conf/iptables.conf, but I
> wanted to see what the best way to do it was first.

Uh... I'm not 100% sure. If you issue a "/usr/local/pf/bin/pfcmd service pf restart" that will definitely do it. Likewise, if you restart services via the GUI, that should do it as well.

> The authentication order in the conf file did not have LDAP first. I reordered
> it, but the web interface had it listed first. And is editing the file
> directly the thing to do?

Yeah.. So the reordering in the web piece ... Not sure what's up there. I know that SMS and Email are at the bottom of the screen, but there doesn't seem to be a way to reorder at the moment. I believe there's a bug open on this one as well.

And yes, direct editing is ok. Just make a backup of the file first, just in case.

> Nick

--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
