Hello Paul,
What you can probably do is the following:
In the role section let's use the 10 value for student and teacher (Only
10 registered devices are allowed per user).
I suppose you are using an Active Directory as authentication source and
you use it to associate the roles.
So let's have a look first in raddb/modules
edit ldap then add (feel free to adapt it):
ldap ldap_ad_user {
    server = "info.acme.ca"
    identity = "CN=admin,DC=acme,DC=ca"
    password = password
    basedn = "DC=info,DC=acme,DC=ca"
    filter = "(sAMAccountName=%{User-Name})"
    scope = "sub"
    base_filter = "(objectclass=user)"
    password_attribute = NT-Password
}
then in packetfence-tunnel (in conf/radiusd/packetfence-tunnel) in
authorize section:
update request {
    Tmp-String-1 := "%{ldap_ad_user:ldap:///OU=Users,DC=acme,DC=ca?eduPersonPrimaryAffiliation?sub?sAMAccountName=%{User-Name}}"
}
if (Tmp-String-1 == "student") {
    update control {
        Simultaneous-Use := 3
    }
}
elsif (Tmp-String-1 == "teacher") {
    update control {
        Simultaneous-Use := 5
    }
}
# else {
#     update control {
#         Simultaneous-Use := 0
#     }
# }
So with this configuration, only 10 devices are allowed to be registered
per user.
Then if the attribute eduPersonPrimaryAffiliation contains student then
only 3 devices can be connected at the same time, and if it contains
teacher then only 5 devices can be connected at the same time.
This setup is not exactly what you want but it's close.
Regards
Fabrice
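
Added example, not part of the original message and not PacketFence or FreeRADIUS code: a small Python model of the policy in the reply above, showing how the affiliation maps to a limit and how a new login is judged against the user's open sessions. It assumes sessions are counted from accounting Start/Stop records; the user names, session ids and function names are hypothetical.

```python
# Added illustration: a model of the policy above, not PacketFence or FreeRADIUS code.
from collections import defaultdict

# Limits taken from the reply: student -> 3, teacher -> 5.
ROLE_LIMITS = {"student": 3, "teacher": 5}


def simultaneous_use_limit(affiliation):
    """Map eduPersonPrimaryAffiliation to a limit; None means no limit is set
    (the reply leaves the final else branch commented out)."""
    if affiliation is None:
        return None
    # The config compares with ==, modelled here as an exact string match.
    return ROLE_LIMITS.get(affiliation)


def open_sessions(accounting_events):
    """Count open sessions per user from (user, session_id, status) records.
    A session is open after Start until a matching Stop arrives."""
    sessions = defaultdict(set)
    for user, session_id, status in accounting_events:
        if status == "Start":
            sessions[user].add(session_id)
        elif status == "Stop":
            sessions[user].discard(session_id)
    return {user: len(ids) for user, ids in sessions.items()}


def authorize(user, affiliation, accounting_events):
    """Return 'accept' or 'reject' for a new login attempt."""
    limit = simultaneous_use_limit(affiliation)
    if limit is None:
        return "accept"
    current = open_sessions(accounting_events).get(user, 0)
    # Reject once the open-session count has reached the limit.
    return "reject" if current >= limit else "accept"


# Constructed sample accounting records (hypothetical users and session ids).
EVENTS = [
    ("alice", "s1", "Start"), ("alice", "s2", "Start"), ("alice", "s3", "Start"),
    ("bob", "t1", "Start"), ("bob", "t1", "Stop"), ("bob", "t2", "Start"),
]

if __name__ == "__main__":
    print(authorize("alice", "student", EVENTS))  # 4th device for a student
    print(authorize("alice", "teacher", EVENTS))  # same count, teacher limit
    print(authorize("bob", "student", EVENTS))
```

In this model a session whose Stop record never arrives keeps counting against the user, so the limits are only as accurate as the accounting data behind them.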
On 2015-08-01 01:29, Polar Geek wrote:
Hello all,
While my main issue is being looked into I have an additional question.
Basically what I want to know is this. If I have set a user account to
allow only 1 registered device and they want to register a
new/replacement device before the existing registration expires, how
does the end user accomplish this?
In several other captive portal solutions I have used either as an
admin or end-user, if a user logs in to a new device it automatically
disables the existing device. PacketFence instead seems to just deny
the new device with no recourse for a replacement. Am I missing
something like a setting that would change this behaviour?
Effectively what I would like is to allow my students and teachers to
use only a specific number of non-school provided devices
simultaneously. Students might legitimately need to use a laptop,
tablet or phone on our network at any given time. But I don’t want all
those devices live the moment they enter the school. Just the one
they’re actually using.
Thanks in advance.
Paul Taylor
Luther College High School
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users