Hi Henning,
This looks good.
Only thing is that you cannot 'configure' the portal IP in pfdns.
You would need to change it in the code directly.
PacketFence is not supporting it natively but a few adjustments will
most likely make this work
One thing you could do as an alternative to leverage an external
database is use the PacketFence portal but with an HTTP source which
will do a call to your API to validate if a user/password can be used.
The Administration guide contains a section dedicated to this.
Cheers
- Julien
On 02/19/2016 02:49 PM, Henning Els wrote:
I’m creating a PoC whereby I want to use PacketFence as an inline
NAC. What makes this deployment special is that I have to use an
external captive portal.
I believe the following steps are needed and wanted to run it by the
forum to see if I’m lost in crazy town.
·Configure PF to always allow traffic from my LAN to the captive
portal address (passthrough)
·Configure PF DHCP to return a DNS of PacketFence server
·Configure pfdns to resolve all domain name requests to the IP address
of the external captive portal
oThis would only have to be true for non-existent or ‘unregistered’
devices.. so I guess I’m not sure how to configure this
·Users uses the external captive portal to log in, using its own user
database
·Upon successful login, the external captive portal calls the
PacketFence API functions to register the Node (api.pm)
·As a result PacketFence updates its iptables to allow access for the
device
Any thoughts on this? Major stumbling blocks, functionality that I
would lose? Is it a gross misuse, or perhaps already supported?
On the surface it seems reasonable: use PacketFence as the NAC engine
with my own captive portal.
Thank you much,
Henning
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Julien
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
