Here is my scenario
I have radius setup against Active Directory. I have one user named
networkguest. When using 802.1x and the networkguest account, I want that
machine to not auto register and be put into the registration role. If the
machine has been registered then I want it to return the previous role.
Here are the rules in vlan_filter.conf that help me work this out:
[networkguest]
filter = user_name
operator = is
value = networkguest
[weap]
filter = connection_type
operator = is
value = Wireless-802.11-EAP
[4:weap&!networkguest]
scope = AutoRegister
role = registration
[nodestaff]
filter = node_info.category
operator = is
value = staff
[6:nodestaff&networkguest]
scope=RegisteredRole
role=staff
I have 5 different roles and right now and there would be 5 different rules
similar to the [6:...] rule. Is there a more efficient way to do this? Or
is there a way I can set the node_info.category as a variable? Or is there
a way to say roll=node_info.category?
Lupe Silva
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
