Hello Juan,
1: Yes, it's possible.
2: From FreeRADIUS you can search for a specific attribute and update the request. PacketFence will receive this new attribute in radius.pm (better to write your custom function in radius/custom.pm) and make a test that will assign a category to your node. Afterwards, in vlan.pm (vlan/custom.pm), you can return a customVlan based on the node's category.

One thing you have to know so as not to waste your time: if you try to make an LDAP query that tries to assign memberof to a RADIUS attribute, then forget it. The other option is to use a Perl script (Net::LDAP) that searches in LDAP and assigns the category in radius.pm, then vlan.pm ...

3: Take the example code in /usr/local/pf/conf/authentication/ldap.pm to make your LDAP search. One thing to know is that the custom.pm file was made for writing your custom code, so for example copy the function you need to modify from radius.pm and paste it into radius/custom.pm.


Regards
Fabrice

On 2014-01-10 16:48, Juan Camilo Valencia wrote:
Hi Guys,

This will be a somewhat long e-mail, but that is necessary in order not to lose the detail and to get what I need.

We have PF 3.3.2 installed in our production environment (we know it is a really old version, but right now upgrading is not a solution). The server is joined to the Active Directory and is used to authenticate part of the users; the other part use MOTP-AS. All this is achieved through RADIUS configuration.

Recently we got the requirement to put the providers, which are the users that authenticate against MOTP-AS, in a different VLAN. We can create a category to assign that VLAN; however, there are some providers that authenticate against AD, and those we can't distinguish from employees to assign the category dynamically (doing it manually is almost impossible, people come and go constantly). The only idea I have read about is using FreeRADIUS and some LDAP queries to assign a particular VLAN based on AD group. I don't have the how-to right now, but I will continue searching. My questions are:

1. Is it possible to do this with PacketFence at this time?
2. Do guidelines exist on how to achieve this feature? For example, assigning a category to a user, and consequently a particular VLAN, based on LDAP queries from FreeRADIUS and PacketFence?
3. Does this feature depend only on FreeRADIUS, or does code exist in PacketFence to adapt for this feature? The idea is to try to adapt part of the code to the PF version that we have.

I appreciate your opinions and help on these topics.

Best Regards from Colombia

--
JUAN CAMILO VALENCIA VARGAS
Ingeniero de Operaciones
SeguraTec S.A.S
Calle 11 # 43B-50 of 307
Medellín Colombia

*"Choose a job you love, and you will never have to work a day in your life"*


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
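
Added example, not part of the original e-mails and not PacketFence code: a sketch of the Net::LDAP lookup the reply describes, reading a user's memberof values from AD and mapping them to a category name. The group DNs, category names, `%cfg` keys and both function names are assumptions; which function in radius/custom.pm calls this and how the category is stored on the node depend on the PacketFence version and are not shown.

```perl
use strict;
use warnings;

# Constructed AD group DNs mapped to hypothetical PacketFence category names.
# First match wins, so the most restrictive group is listed first.
my @GROUP_TO_CATEGORY = (
    [ 'CN=Providers,OU=Groups,DC=example,DC=com' => 'provider' ],
    [ 'CN=Employees,OU=Groups,DC=example,DC=com' => 'employee' ],
);

# Return the user's memberOf DNs, or an empty list on any failure.
# %cfg keys (host, bind_dn, bind_pw, base_dn) are assumptions of this example;
# use an ldaps:// URI for host so the bind password is not sent in clear text.
sub lookup_member_of {
    my ($user, %cfg) = @_;
    require Net::LDAP;          # loaded lazily so the demo below runs offline
    require Net::LDAP::Util;
    my $ldap = Net::LDAP->new($cfg{host}, timeout => 5) or return;
    my @groups;
    if (!$ldap->bind($cfg{bind_dn}, password => $cfg{bind_pw})->code) {
        # The RADIUS User-Name comes from the client: escape it so filter
        # metacharacters cannot alter the query.
        my $safe = Net::LDAP::Util::escape_filter_value($user);
        my $res  = $ldap->search(
            base   => $cfg{base_dn},
            scope  => 'sub',
            filter => "(&(objectClass=user)(sAMAccountName=$safe))",
            attrs  => ['memberOf'],
        );
        # Accept only an unambiguous single match.
        @groups = $res->entry(0)->get_value('memberOf')
            if !$res->code && $res->count == 1;
    }
    $ldap->unbind;
    return @groups;
}

# Map a list of group DNs to a category; undef means "keep the default".
sub category_for_groups {
    my %have = map { lc($_) => 1 } @_;    # DNs compare case-insensitively
    for my $pair (@GROUP_TO_CATEGORY) {
        return $pair->[1] if $have{ lc $pair->[0] };
    }
    return;
}

# Offline demo on constructed memberOf values (no LDAP server needed).
my @sample = ('cn=providers,ou=groups,dc=example,dc=com',
              'CN=Employees,OU=Groups,DC=example,DC=com');
print 'category: ', category_for_groups(@sample) // 'default', "\n";
```

In Active Directory, memberOf lists only direct group memberships, so a user who belongs to a mapped group through a nested group needs that intermediate group added to the map.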
