Hey all,
A bump of an old topic, but it still seems to be the case. Somewhere since
version 5.0.1 the vlan_filters has changed as it works as below in that
version, but I couldn't get it to work with version 5.7.0 or now with 6.0.
I can get a positive match using 'user_name' and 'regex' as you can see from
the previous emails, however I used to use a 'match_not' with 'username' and
this is no longer recognised. Is there a similar syntax change that I can do
make this rule work?
[visiting_user]
filter = username
operator = match_not
value =
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$<mailto:.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.%5bAa%5d%5bCc%5d\.%5bUu%5d%5bKk%5d$|.+@%5bUu%5d%5bWw%5d%5bIi%5d%5bCc%5d\.%5bAa%5d%5bCc%5d\.%5bUu%5d%5bKk%5d$>)
Cheers,
Andi
From: Morris, Andi [mailto:[email protected]]
Sent: 03 March 2016 13:54
To: [email protected]
Subject: Re: [PacketFence-users] autoreg with vlan filter not working
Bingo! Thanks Fabrice.
From: Fabrice DURAND [mailto:[email protected]]
Sent: 03 March 2016 13:34
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] autoreg with vlan filter not working
let's try with regex but user_name instead of username.
Fabrice
Le 2016-03-03 08:19, Morris, Andi a écrit :
Hi Fabrice,
No luck there sorry. I changed that, restarted packetfence, packetfence-config
and also performed a configreload hard but I still see the following in the
packetfence.log:
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] handling radius
autz request: from switch_ip => (192.168.142.13), connection_type =>
Wireless-802.11-EAP,switch_mac => (00:3a:98:d0:1e:c0), mac =>
[30:10:b3:13:be:37], port => 13, username =>
"[email protected]"<mailto:[email protected]>, ssid =>
eduroam_dev (pf::radius::authorize)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] is of status
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] (192.168.142.13)
Added VLAN 60 to the returned RADIUS reply
(pf::Switch::returnRadiusAccessAccept)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] (192.168.142.13)
Returning ACCEPT with VLAN 60 (pf::Switch::returnRadiusAccessAccept)
Cheers,
Andi
From: Durand fabrice [mailto:[email protected]]
Sent: 03 March 2016 12:29
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] autoreg with vlan filter not working
Hi Andi,
replace match by regex.
Regards
Fabrice
Le 2016-03-03 06:43, Morris, Andi a écrit :
Hi,
Running version 5.7.0 on CentOS.
I'm trying to get autoreg working through vlan_filters like I have on my 5.0.1
production install but it doesn't seem to be taking effect and new devices are
being sent into the registration network after a radius access-accept message.
My vlan filter is as below, which is directly lifted from my 5.0.1 config. Has
anything changed with vlan filters? I've tried switching 'match' for 'regex' as
I've seen that mentioned in the documentation and on this list. The only major
different in my config on the newer version is that I'm using the built-in
domain/realm config in the GUI, which I didn't do on my 5.0.1 install. I'm not
sure if that has a bearing as I'm trying to filter on the realm name.
[home_user]
filter = username
operator = match
value =
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$<mailto:.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.%5bAa%5d%5bCc%5d\.%5bUu%5d%5bKk%5d$|.+@%5bUu%5d%5bWw%5d%5bIi%5d%5bCc%5d\.%5bAa%5d%5bCc%5d\.%5bUu%5d%5bKk%5d$>)
[autoreg:home_user]
scope = AutoRegister
role = eduroam_home
realm.conf is:
[cardiffmet.ac.uk]
domain=myDomainlabel
options=strip
[uwic.ac.uk]
domain= myDomainlabel
options=strip
Cheers,
Andi
-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: [email protected]<mailto:[email protected]>
--------------------------------------
________________________________
[Image removed by sender. Cardiff Metropolitan University
- 150 years of nurturing talent]<http://www.cardiffmet.ac.uk/cardiffmet150>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
