Thanks Fabrice
I managed to get the auto registration working with your help as per below. I
have one last problem I am hoping you can help resolve. After testing the auto
deregistration again it seems that it only properly shows the guest portal page
if you set the role also. When the role is set to admin/student the portal that
pops up when trying to connect to the open SSID just says "your access will be
enabled shortly". What does work is that the node registers and de-registers
when swapping between the SSID's.
I have compiled the highlighted section below trying to set the node back to
the registration role without any luck. (I have tried all the examples I could
find in the mailing list also)
How do I go about forcing the node role back to registration or even to guest
when it connects to the open SSID?
Thanks again for all your assistance
Anton
-----
[regnetwork]
filter = ssid
operator = is
value = ess_pf_MacAuth
[normalnetwork]
filter = ssid
operator = is
value = ess_pf_Dot1x
[is_staff]
filter = node_info.category
operator = is
value = admin_wlan
[is_student]
filter = node_info.category
operator = is
value = student_wlan
# unregister all staff nodes when connecting to open ssid
[unregnode:regnetwork&is_staff]
scope = NormalVlan
role = registration
action = deregister_node
action_param = mac = $mac
# unregister all student nodes when connecting to open ssid
[unregnode:regnetwork&is_student]
scope = NormalVlan
role = registration
action = deregister_node
action_param = mac = $mac
# if a registered device connects to open ssid change role to default
<<<<<<<<<<<<<<<<<< this doesn't work
[unsetautoreg:regnetwork&(is_student|is_staff)]
scope = RegisteredRole
role = registration
action = modify_node
action_param = mac = $mac, category = registration, autoreg = no
#----------------------auto register on Dot1x-----------------------------------
[1:normalnetwork]
scope = AutoRegister
role = admin_wlan
[nodeinfoadmin]
scope = NodeInfoForAutoReg
filter = node_info.category
operator = is
value = admin_wlan
[nodeinfostudent]
scope = NodeInfoForAutoReg
filter = node_info.category
operator = is
value = student_wlan
[autoreg]
filter = node_info
attribute = autoreg
operator = match
value = yes
[2:autoreg&nodeinfoadmin]
scope = NormalVlan
role = admin_wlan
action = register_node
action_param = mac = $mac
[3:autoreg&nodeinfostudent]
scope = NormalVlan
role = student_wlan
action = register_node
action_param = mac = $mac
# bin/pfcmd service httpd.aaa restart
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
