Hey Andi,
In PF 5.5.0 match and match_not was changed from a regex to a just a
match or not a match.
There is a new operator regex but regex_not operator slipped through the
cracks until now!
You can apply the following patch to add support for the regex_not operator.
cd /usr/local/pf
curl
https://github.com/inverse-inc/packetfence/commit/0dd1dd63e7fe3493e50bf94d557161df577704a9.diff
| patch -p1
However if you do not want to patch your install you can do the following.
[visiting_user_not]
filter = username
operator = regex
value =
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$
<mailto:.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]%5C.%5bAa%5d%5bCc%5d%5C.%5bUu%5d%5bKk%5d$%7C.+@%5bUu%5d%5bWw%5d%5bIi%5d%5bCc%5d%5C.%5bAa%5d%5bCc%5d%5C.%5bUu%5d%5bKk%5d$>)
[autoreg:!visiting_user_not]
scope = AutoRegister
role = visitor_welcome
James Rouzier
[email protected] :: +1.514.447.4918 (x115) :: http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://www.packetfence.org)
On 2016-04-28 12:44 PM, Morris, Andi wrote:
Hey all,
A bump of an old topic, but it still seems to be the case. Somewhere
since version 5.0.1 the vlan_filters has changed as it works as below
in that version, but I couldn’t get it to work with version 5.7.0 or
now with 6.0.
I can get a positive match using ‘user_name’ and ‘regex’ as you can
see from the previous emails, however I used to use a ‘match_not’ with
‘username’ and this is no longer recognised. Is there a similar syntax
change that I can do make this rule work?
[visiting_user]
filter = username
operator = match_not
value =
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$
<mailto:.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]%5C.%5bAa%5d%5bCc%5d%5C.%5bUu%5d%5bKk%5d$%7C.+@%5bUu%5d%5bWw%5d%5bIi%5d%5bCc%5d%5C.%5bAa%5d%5bCc%5d%5C.%5bUu%5d%5bKk%5d$>)
Cheers,
Andi
*From:*Morris, Andi [mailto:[email protected]]
*Sent:* 03 March 2016 13:54
*To:* [email protected]
*Subject:* Re: [PacketFence-users] autoreg with vlan filter not working
Bingo! Thanks Fabrice.
*From:*Fabrice DURAND [mailto:[email protected]]
*Sent:* 03 March 2016 13:34
*To:* [email protected]
<mailto:[email protected]>
*Subject:* Re: [PacketFence-users] autoreg with vlan filter not working
let's try with regex but user_name instead of username.
Fabrice
Le 2016-03-03 08:19, Morris, Andi a écrit :
Hi Fabrice,
No luck there sorry. I changed that, restarted packetfence,
packetfence-config and also performed a configreload hard but I
still see the following in the packetfence.log:
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37]
handling radius autz request: from switch_ip => (192.168.142.13),
connection_type => Wireless-802.11-EAP,switch_mac =>
(00:3a:98:d0:1e:c0), mac => [30:10:b3:13:be:37], port => 13,
username => "[email protected]"
<mailto:[email protected]>, ssid => eduroam_dev
(pf::radius::authorize)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] is
of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37]
(192.168.142.13) Added VLAN 60 to the returned RADIUS reply
(pf::Switch::returnRadiusAccessAccept)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37]
(192.168.142.13) Returning ACCEPT with VLAN 60
(pf::Switch::returnRadiusAccessAccept)
Cheers,
Andi
*From:*Durand fabrice [mailto:[email protected]]
*Sent:* 03 March 2016 12:29
*To:* [email protected]
<mailto:[email protected]>
*Subject:* Re: [PacketFence-users] autoreg with vlan filter not
working
Hi Andi,
replace match by regex.
Regards
Fabrice
Le 2016-03-03 06:43, Morris, Andi a écrit :
Hi,
Running version 5.7.0 on CentOS.
I’m trying to get autoreg working through vlan_filters like I
have on my 5.0.1 production install but it doesn’t seem to be
taking effect and new devices are being sent into the
registration network after a radius access-accept message.
My vlan filter is as below, which is directly lifted from my
5.0.1 config. Has anything changed with vlan filters? I’ve
tried switching ‘match’ for ‘regex’ as I’ve seen that
mentioned in the documentation and on this list. The only
major different in my config on the newer version is that I’m
using the built-in domain/realm config in the GUI, which I
didn’t do on my 5.0.1 install. I’m not sure if that has a
bearing as I’m trying to filter on the realm name.
[home_user]
filter = username
operator = match
value =
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$
<mailto:.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]%5C.%5bAa%5d%5bCc%5d%5C.%5bUu%5d%5bKk%5d$%7C.+@%5bUu%5d%5bWw%5d%5bIi%5d%5bCc%5d%5C.%5bAa%5d%5bCc%5d%5C.%5bUu%5d%5bKk%5d$>)
[autoreg:home_user]
scope = AutoRegister
role = eduroam_home
realm.conf is:
[cardiffmet.ac.uk]
domain=myDomainlabel
options=strip
[uwic.ac.uk]
domain= myDomainlabel
options=strip
Cheers,
Andi
-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: [email protected] <mailto:[email protected]>
--------------------------------------
------------------------------------------------------------------------
Image removed by sender. Cardiff Metropolitan University - 150
years of nurturing talent
<http://www.cardiffmet.ac.uk/cardiffmet150>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
