Le 07/10/2014 21:31, Fabrice DURAND a écrit : > Le 2014-10-07 15:04, denis bonnenfant a écrit : >> Le 07/10/2014 18:40, Fabrice DURAND a écrit : >>> Ok so your rule is correct. >>> >>> Did you added custom code in the vlan/custom.pm file ? >> Yes, I was previously using autoregister, but I comment it on back and >> replaced it by vlan_filter, so now I'm using the original file. >> >>> When the device connect on the secure SSID, what is the portal profile >>> it will hit and in this portal profile do you have your se3_utilisateurs >>> authentication source ? >> I haven't configured it, as with autoregistration for 802.1x Secure >> SSID, I guessed that 802.1x users would never be put on registration >> vlan and be caught by captive portal. Did I missed something ? Is portal >> configuration used for already registered devices and users too ? > In fact it can be important to create a portal profile for this secure ssid. > When packetfence try to match a role based on the username (What you did > manually with ./pftest authentication denis.bonnenfant password , it > matched the rule but authentication failed), by default it will use the > default portal profile. But if you add a portal profile based on the > secure ssid name then it will follow all the authentication sources you > configure on this portal and the first match win. > > So try to add a portal based on the ssid name and add only the Active > Directory Source. Ok I will try it tomorrow. > Also can you do a select * from node where mac="44:74:6c:50:25:e7"; and > paste the result. > >
mysql> select * from node where mac="44:74:6c:50:25:e7"; +-------------------+------------------+-------------+---------------------+---------------------+---------------------+---------------------+--------------+-------------------+--------+------------+--------------------------+-----------------+---------------------+---------------------+----------------------------+-------------+------+---------+-----------+ | mac | pid | category_id | detect_date | regdate | unregdate | lastskip | time_balance | bandwidth_balance | status | user_agent | computername | notes | last_arp | last_dhcp | dhcp_fingerprint | bypass_vlan | voip | autoreg | sessionid | +-------------------+------------------+-------------+---------------------+---------------------+---------------------+---------------------+--------------+-------------------+--------+------------+--------------------------+-----------------+---------------------+---------------------+----------------------------+-------------+------+---------+-----------+ | 44:74:6c:50:25:e7 | denis.bonnenfant | 1 | 2014-09-30 14:47:58 | 2014-09-30 15:20:39 | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | NULL | NULL | reg | | android-56f9a8211534e3c8 | AUTO-REGISTERED | 0000-00-00 00:00:00 | 2014-10-07 12:18:48 | 1,33,3,6,15,26,28,51,58,59 | | | yes | | +-------------------+------------------+-------------+---------------------+---------------------+---------------------+---------------------+--------------+-------------------+--------+------------+--------------------------+-----------------+---------------------+---------------------+----------------------------+-------------+------+---------+-----------+ 1 row in set (0.00 sec) ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
