Hello Lupe,
You are right, I have to check in the custom.pm; just uncomment
shouldAutoRegister like that:
sub shouldAutoRegister {
    #$mac is MAC address
    #$switch_in_autoreg_mode is set to 1 if switch is in registration mode
    #$violation_autoreg is set to 1 if called from a violation with autoreg action
    #$isPhone is set to 1 if device is considered an IP Phone.
    #$conn_type is set to the connection type expressed as the constant in pf::config
    #$user_name is set to the RADIUS User-Name attribute (802.1X Username or MAC address under MAC Authentication)
    #$ssid is set to the wireless ssid (will be empty if radius and not wireless, undef if not radius)
    my ($this, $mac, $switch_in_autoreg_mode, $violation_autoreg,
        $isPhone, $conn_type, $user_name, $ssid, $eap_type) = @_;
    my $logger = Log::Log4perl->get_logger();
    $logger->trace("asked if should auto-register device");

    # # handling switch-config first because I think it's the most important to honor
    # if (defined($switch_in_autoreg_mode) && $switch_in_autoreg_mode) {
    #     $logger->trace("returned yes because it's from the switch's config");
    #     return 1;
    #
    # # if we have a violation action set to autoreg
    # } elsif (defined($violation_autoreg) && $violation_autoreg) {
    #     $logger->trace("returned yes because it's from a violation with action autoreg");
    #     return 1;
    # }
    #
    # if ($isPhone) {
    #     $logger->trace("returned yes because it's an ip phone");
    #     return $isPhone;
    # }
    #
    # # custom example: auto-register 802.1x users
    # # Since they already have validated credentials through EAP to do 802.1X
    if (defined($conn_type) && (($conn_type & $EAP) == $EAP)) {
        $logger->trace("returned yes because it's a 802.1X client that successfully authenticated already");
        return 1;
    }

    # otherwise don't autoreg
    return 0;
}
Fabrice
On 2014-04-10 19:22, Lupe Silva wrote:
I am in the process of testing PF. I am able to utilize port security
on the switches getting the portal page to log in and get to the
appropriate vlan. I am using AD and assigning roles and vlans based
upon their OU.
When I utilize 802.1x I am able to get the workstation to authenticate via
802.1x but it sends the user to the registration vlan.
I am assuming that 802.1x would send the user id to the users sources
and find the user in AD and assign the appropriate role and vlan? Is
this a correct assumption or will I have to create a custom.pm
for making this work?
Thanks in advance
Lupe Silva
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)