Hi,
I'm new to PF, but after some tinkering I've got it up and running on one of my
servers. Currently I'm running PF in routed (i.e., no NAT) inline mode: one NIC
for the user LAN gateway and the other NIC going out to the Internet.
Everything now appears to be working as expected as I can register users,
authenticate, access the Internet, etc.
However, I've been asked to grant access to a list of hosts/nodes on the
network without requiring them to authenticate against the captive portal, and
I'm wondering what's the best way to do this. I'm thinking either 1) enable
gaming registration mode and register the machines as "gaming devices", 2) add
custom rules to iptables, or 3) use FreeRADIUS and authenticate against their
MAC address. Here are a few of my thoughts regarding each option.
Option 1, how can I mass-import a list of MAC addresses so this doesn't have to
be done manually? Also, using the gaming registration method it might be
confusing to the people who will administer the portal as none of the nodes are
"gaming devices;" is there a way to change the name or URL they use to access
the portal (to register new MAC addresses) to something other than
"/gaming-registration" without breaking future PF updates?
Option 2, we've got this running similarly in another environment, but I'm
concerned about having to restart iptables every time we make a change to the
list and how access to current users is affected during that short period.
Option 3, MAC addresses that match a list get authenticated, while others must
try the other authentication sources already implemented. I'm not quite sure
where to begin with this one. If feasible, any ideas?
I'm open to other options, just trying to figure out what would be the best
approach.
Thanks!
-gnu
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users