Hello,There is no separation between the vlan id and the role right now in the code. You can check this one and copy the function returnRadiusAccessAccept and paste it in your Aruba.pm file.
https://github.com/inverse-inc/packetfence/blob/feature/external_captive_portal/lib/pf/Switch/Aruba.pm Regards Fabrice Le 2014-01-21 07:19, Seal, Solomon a écrit :
Leaving out the VLAN number causes a radius reject (FAIL) message. you must have a numeric VLAN ID for packetfence to allow an accept message to be sent. To set a VLAN via the role in aruba you just set the VLAN ID in the role details. This might require the policy enforcement firewall license per AP. [cid:[email protected]] On Jan 21, 2014, at 5:19 AM, Jason Frisvold <[email protected]<mailto:[email protected]>> wrote: Seal, Solomon wrote: I'm attempting to use packetfence with our Aruba7210 wireless controller. It currently authorizes against AD and returns the following relevant radius attributes: Aruba-User-Role = "Admin" Tunnel-Private-Group-Id:0 = "300" The Aruba controller successfully receives both of these. The problem begins when I want to act on the supplies role. We have an Admin role per building, each with separate VLANs. Normally the aruba controller applies these VLANs via the role. However when the tunnel-private-group-id is supplied it overrides the role provided clan, not what I would have chosen to do but it's not my code. Is there a way to setup packetfence so that it doesn't send the tunnel-private-group-id so that it will send a non-numeric id? In both of these scenarios the Aruba controller can be adapted to correctly apply the VLAn via the role. If I remember correctly, when you set up the switch in packetfence you can enter both the role and the vlan ID. Just leave out the Vlan and it won't send it. I tried the same thing and was unable to make this work. I'm curious how you have the Aruba placing users in the correct vlan via just the role name. Thanks in Advance, Solomon -- --------------------------- Jason 'XenoPhage' Frisvold [email protected]<mailto:[email protected]> --------------------------- "Any sufficiently advanced magic is indistinguishable from technology.\" - Niven's Inverse of Clarke's Third Law ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
