Hi David,

> We are currently looking at PacketFence as a potential replacement 
> for a VMPS based NAC solution we developed 10 years ago

That’s good news! ;)

> Just wondering if this is possible with PF, without breaking it and 
> making future upgrades difficult?

Everything is possible, we just need to take the time to do it! Sure thing is 
that modifications to fit a particular use case may be more difficult to port 
on upgrade compared to a vanilla installation without customization.
One thing though is that we try to make all the customization on a configuration 
land… That way, the codebase is not impacted but that is not always possible 
(even if I just said that everything is possible ;))

> Specifically, in our current solution we are able to add/delete 
> VLANs as a tenant comes and goes, then create individual user 
> accounts for each device being signed into that VLAN. One user can 
> only register a single device.

What do you mean by “add/delete VLANs as a tenant comes and goes”?
Regarding the individual user account for each device being signed into that 
VLAN, PacketFence assigns a user account for each device being signed in on the 
network since it is the purpose of the NAC. We can limit the number of devices 
per user account used to register a device.

> Our admin view currently focuses on an initial list of all the VLANs 
> currently active. We then click a VLAN and it lists every device 
> registered in that VLAN, along with the user the device is 
> registered to.
> 
> It splits display between devices registered via user account versus 
> manual assignment (ie printers).
> 
> We can then export a list of accounts (registered, free or combined 
> view) to CSV which we email to a staff member for the tenant.

Since it is your very own custom developed app, it sure does exactly what you 
want it to do. The PacketFence web GUI doesn’t behave that way though. We are 
listing all the devices that have been seen on the different networks 
PacketFence manages and allow the admin to query the info for these devices.

> From the registration side, the registration page first asks for a 
> user/pass combination (as created above). Once this has been 
> accepted, it asks for the individual's name and email address before 
> registering the device against that user and signing them in.

The registration workflow is almost the same. It is also very easy to 
customize to fit your needs.

> Any assistance and guidance on whether this would be a feasible 
> modification appreciated. I can post screenshots of our system to 
> better explain if necessary :)

As said before, modifications are fairly easy to do. Sure thing, they will have 
to be ported on upgrades…
Modifications to the registration workflow are something we usually see at all 
client sites.
Modifications to the web GUI are less frequent and may require a little bit more 
work.

I think the best way for you to see how PacketFence behaves and if it can fit 
your needs would be to give it a try, which is fairly easy by spinning a ZEN 
appliance.
http://www.packetfence.org/download/zen.html

Give it a shot and don’t hesitate to ask.

Cheers!
dw.

—
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Nov 22, 2014, at 23:12, David Rudduck <[email protected]> wrote:
> 
> Hi,
> 
> We are currently looking at PacketFence as a potential replacement 
> for a VMPS based NAC solution we developed 10 years ago, however to 
> make it work we'd need to be able to customize the way user 
> registration works, as well as how the nodes/users are displayed 
> from within the web GUI.
> 
> Just wondering if this is possible with PF, without breaking it and 
> making future upgrades difficult?
> 
> Specifically, in our current solution we are able to add/delete 
> VLANs as a tenant comes and goes, then create individual user 
> accounts for each device being signed into that VLAN. One user can 
> only register a single device.
> 
> Our admin view currently focuses on an initial list of all the VLANs 
> currently active. We then click a VLAN and it lists every device 
> registered in that VLAN, along with the user the device is 
> registered to.
> 
> It splits display between devices registered via user account versus 
> manual assignment (ie printers).
> 
> We can then export a list of accounts (registered, free or combined 
> view) to CSV which we email to a staff member for the tenant.
> 
> From the registration side, the registration page first asks for a 
> user/pass combination (as created above). Once this has been 
> accepted, it asks for the individual's name and email address before 
> registering the device against that user and signing them in.
> 
> Less important, though useful in our current solution, we display 
> user usage in the VLAN page against each user/device. The data comes 
> from the pmacctd daemon running on our firewall (pfsense), tied to 
> the devices mac address.
> 
> The other aspect I've noticed we'd need to customise is to remove 
> the registration time window and deregistration period. We remove 
> users manually as they leave the tenant, or remove them all when the 
> tenant leaves by deleting the VLAN.
> 
> Any assistance and guidance on whether this would be a feasible 
> modification appreciated. I can post screenshots of our system to 
> better explain if necessary :)
> 
> 
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

