> On Feb 24, 2016, at 15:59 , BARÓCSI Gábor <gabor.baro...@qualysoft.com> wrote:
>
> Now the switchport went to Registration vlan, but I don't know understand
> why. I defined a Portal profile with the following conditions:
> 1. switch - switchIp
> Source: A defined ADauthentication (is user in a group)
> Provisioners: accept
> It is set that any of the conditions are met.
> In the switchconfig, there is: Role mapping by vlan ID, and I set up
> registration, isolation and a production vlan.
>
> How do I know why is that port set to the registration vlan? I don't
> understand the decision logic of packet fence. I've read the admin guide a
> few times, but I just don't get the point.
> I really understood it with your words :)
Hi Gábor,
You don’t really need provisioners.
Those are meant to autoconfigure devices, mostly on wireless.
The way do do this is to define a combination of Portal and sources.
Here is what I would do.
Start by making sure you have an Active-Directory source.
Add a catchall rule to it (meaning a rule that has no condition and will apply
to any request).
Set the action to assign a default role and a registration time.
Then make sure that the switch is configured to assign whatever vlan you want
for the "default" role.
Do that by mapping out roles to vlans in the PacketFence switches configuration.
Delete all portal profiles and start with just the default one.
Assign it the AD source you have configured.
Try connecting again.
The trick is to break it down into parts.
Don’t try to configure multiple profiles before you have the default one
working.
Don’t try to add complex authorization rules before you get the catchall rule
working.
Add one thing at a time and try it.
Read the logs (/usr/local/pf/logs/packetfence.log).
If nothing works, show us your conf/profiles.conf, conf/switches.conf as well
as your conf/authentication.conf files.
These define which authentication rules you have set and which profile should
apply to the incoming connection.
Good luck, and don’t give up!
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
