Hi Fabrice
Thanks for taking the time to answer.
This is exactly what I am not sure how to accomplish. I have 2x AD sources in
the portal profile. Is It possible to set the 2 roles in the auto register
portion? By doing
[1:normalnetwork]
scope = AutoRegister
role = admin_wlan
do you not set everyone to admin_wlan? How do I manage to differentiate between
the roles/sources?
Thanks again
Regards
Anton
From: Fabrice Durand [mailto:[email protected]]
Sent: Thursday, 19 May 2016 4:27 PM
To: [email protected]
Subject: Re: [PacketFence-users] Auto registration
Hello Anton,
the fact is the role in not yet set in the AutoRegister scope:
[1:normalnetwork&is_staff]
scope = AutoRegister
role = admin_wlan
[2:normalnetwork&is_student]
scope = AutoRegister
role = student_wlan
So do that instead:
[1:normalnetwork]
scope = AutoRegister
role = admin_wlan
And when it will go in the normal flow (NodeInfoForAutoReg after AutoRegister)
it will try to instantiate the portal (Filter SSID:ess_pf_Dot1x) and try to
match with you AD source.
Of course you must have a portal profile with SSID:ess_pf_Dot1x and assign the
AD source on it.
Regards
Fabrice
Le 2016-05-19 09:44, Anton Dreyer a écrit :
Good day
I was hoping I could get a little assistance regarding auto registration on the
802.1x network (skipping the whole portal part)
The examples for auto registration I have found seem to have a single, default
role. You guys helped me to put together the top part of the filter below a
couple of months ago to deregister someone connecting to the open network:
Would it be a terrible ask to help writing a filter to autoregister on the
secure ssid? I am guessing it would look something like this?:
[regnetwork]
filter = ssid
operator = is
value = ess_pf_MacAuth
[is_staff]
filter = node_info.category
operator = is
value = admin_wlan
[is_student]
filter = node_info.category
operator = is
value = student_wlan
#unregister all staff nodes when connecting to open ssid
[unregnode:regnetwork&is_staff]
scope = NormalVlan
role = registration
action = deregister_node
action_param = mac = $mac
#unregister all student nodes when connecting to open ssid
[unregnode:regnetwork&is_student]
scope = NormalVlan
role = registration
action = deregister_node
# ------------ the code above works, new code below --------------------
#autoregister on Dot1x
[normalnetwork]
filter = ssid
operator = is
value = ess_pf_Dot1x
[1:normalnetwork&is_staff]
scope = AutoRegister
role = admin_wlan
[2:normalnetwork&is_student]
scope = AutoRegister
role = student_wlan
[autoreg]
filter = node_info
attribute = autoreg
operator = match
value = yes
[3:autoreg]
scope = NormalVlan
action = register_node
action_param = mac = $mac
---
Thanks in advance!
Anton
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
