Thanks Fabrice, that looks really helpful, but I don't think this will work for
version 3.x as there are no role based rules.
I've found a way to do this in freeradius for now, but I'll look to put your
version in place for when we move to version 4.
Cheers,
Andi
From: Fabrice DURAND [mailto:[email protected]]
Sent: 27 February 2014 13:12
To: [email protected]
Subject: Re: [PacketFence-users] Block user based on username, not mac address
Hello,
In fact, it can be possible in the authentication process.
Imagine you authenticate against an Active Directory (portal or dot1x autoreg).
On your portal profile you define a rule like:
    samaccountname equal rboudboul
    set role Refuse
And in your switch configuration the role Refuse is equal to -1.
What happens is that when the user tries to authenticate, PacketFence will
refuse this user.
By the way, you must apply this patch:
https://github.com/inverse-inc/packetfence/commit/584682ae37973f6eee21db6ae541e536ad95e044
For the violation, it doesn't exist, but it is really simple to add.
Regards
Fabrice
On 2014-02-27 05:10, Morris, Andi wrote:
Hi,
I'm looking for a way to block individual users by username using packetfence
violations if possible. I've had a look around the documentation, but I can
only see ways to block by mac address, using the stolen device violation.
Is this something that is possible in Packetfence or do I need to do something
in FreeRadius to block these users? Packetfence would be preferable as it is
more manageable by our support staff than freeradius.
I'm running version 3.3.2 in production, but I have 4.1 in dev at the moment
and hoping to upgrade this summer.
Cheers,
Andi
-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: [email protected]
--------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)