Hello Anton,
the fact is the role in not yet set in the AutoRegister scope:
[1:normalnetwork&is_staff]
scope = AutoRegister
role = admin_wlan
[2:normalnetwork&is_student]
scope = AutoRegister
role = student_wlan
So do that instead:
[1:normalnetwork]
scope = AutoRegister
role = admin_wlan
And when it will go in the normal flow (NodeInfoForAutoReg after
AutoRegister) it will try to instantiate the portal (Filter
SSID:ess_pf_Dot1x) and try to match with you AD source.
Of course you must have a portal profile with SSID:ess_pf_Dot1x and
assign the AD source on it.
Regards
Fabrice
Le 2016-05-19 09:44, Anton Dreyer a écrit :
Good day
I was hoping I could get a little assistance regarding auto
registration on the 802.1x network (skipping the whole portal part)
The examples for auto registration I have found seem to have a single,
default role. You guys helped me to put together the top part of the
filter below a couple of months ago to deregister someone connecting
to the open network:
Would it be a terrible ask to help writing a filter to autoregister on
the secure ssid? I am guessing it would look something like this?:
[regnetwork]
filter = ssid
operator = is
value = ess_pf_MacAuth
[is_staff]
filter = node_info.category
operator = is
value = admin_wlan
[is_student]
filter = node_info.category
operator = is
value = student_wlan
#unregister all staff nodes when connecting to open ssid
[unregnode:regnetwork&is_staff]
scope = NormalVlan
role = registration
action = deregister_node
action_param = mac = $mac
#unregister all student nodes when connecting to open ssid
[unregnode:regnetwork&is_student]
scope = NormalVlan
role = registration
action = deregister_node
# ------------ the code above works, new code below --------------------
#autoregister on Dot1x
[normalnetwork]
filter = ssid
operator = is
value = ess_pf_Dot1x
[1:normalnetwork&is_staff]
scope = AutoRegister
role = admin_wlan
[2:normalnetwork&is_student]
scope = AutoRegister
role = student_wlan
[autoreg]
filter = node_info
attribute = autoreg
operator = match
value = yes
[3:autoreg]
scope = NormalVlan
action = register_node
action_param = mac = $mac
---
Thanks in advance!
Anton
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
