Hello Anton,
Can you try that:
[regnetwork]
filter = ssid
operator = is
value = ess_pf_MacAuth
[normalnetwork]
filter = ssid
operator = is
value = ess_pf_Dot1x
[is_staff]
filter = node_info.category
operator = is
value = admin_wlan
[is_student]
filter = node_info.category
operator = is
value = student_wlan
# unregister all staff nodes when connecting to open ssid
[unregnode:regnetwork&is_staff]
scope = NormalVlan
role = registration
action = modify_node
action_param = mac = $mac, status = 'unreg'
# unregister all student nodes when connecting to open ssid
[unregnode:regnetwork&is_student]
scope = NormalVlan
role = registration
action = modify_node
action_param = mac = $mac, status = 'unreg'
# if a registered device connects to open ssid change role to default
<<<<<<<<<<<<<<<<<< this doesn’t work
[unsetautoreg:regnetwork&(is_student|is_staff)]
scope = RegisteredRole
role = registration
action = modify_node
action_param = mac = $mac, autoreg = no, status = 'unreg'
#----------------------auto register on
Dot1x-----------------------------------
[1:normalnetwork]
scope = AutoRegister
role = admin_wlan
[nodeinfoadmin]
scope = NodeInfoForAutoReg
filter = node_info.category
operator = is
value = admin_wlan
[nodeinfostudent]
scope = NodeInfoForAutoReg
filter = node_info.category
operator = is
value = student_wlan
[autoreg]
filter = node_info
attribute = autoreg
operator = match
value = yes
[2:autoreg&nodeinfoadmin]
scope = NormalVlan
role = admin_wlan
action = register_node
action_param = mac = $mac
[3:autoreg&nodeinfostudent]
scope = NormalVlan
role = student_wlan
action = register_node
action_param = mac = $mac
Regards
Fabrice
Le 2016-05-23 10:36, Anton Dreyer a écrit :
Thanks Fabrice
I managed to get the auto registration working with your help as per
below. I have one last problem I am hoping you can help resolve. After
testing the auto deregistration again it seems that it only properly
shows the guest portal page if you set the role also. When the role is
set to admin/student the portal that pops up when trying to connect to
the open SSID just says “your access will be enabled shortly”. What
does work is that the node registers and de-registers when swapping
between the SSID’s.
I have compiled the highlighted section below trying to set the node
back to the registration role without any luck. (I have tried all the
examples I could find in the mailing list also)
How do I go about forcing the node role back to registration or even
to guest when it connects to the open SSID?
Thanks again for all your assistance
Anton
-----
[regnetwork]
filter = ssid
operator = is
value = ess_pf_MacAuth
[normalnetwork]
filter = ssid
operator = is
value = ess_pf_Dot1x
[is_staff]
filter = node_info.category
operator = is
value = admin_wlan
[is_student]
filter = node_info.category
operator = is
value = student_wlan
# unregister all staff nodes when connecting to open ssid
[unregnode:regnetwork&is_staff]
scope = NormalVlan
role = registration
action = modify_node
action_param = mac = $mac, status = 'unreg'
# unregister all student nodes when connecting to open ssid
[unregnode:regnetwork&is_student]
scope = NormalVlan
role = registration
action = modify_node
action_param = mac = $mac, status = 'unreg'
# if a registered device connects to open ssid change role to default
<<<<<<<<<<<<<<<<<< this doesn’t work
[unsetautoreg:regnetwork&(is_student|is_staff)]
scope = RegisteredRole
role = registration
action = modify_node
action_param = mac = $mac, category = registration, autoreg = no
#----------------------auto register on
Dot1x-----------------------------------
[1:normalnetwork]
scope = AutoRegister
role = admin_wlan
[nodeinfoadmin]
scope = NodeInfoForAutoReg
filter = node_info.category
operator = is
value = admin_wlan
[nodeinfostudent]
scope = NodeInfoForAutoReg
filter = node_info.category
operator = is
value = student_wlan
[autoreg]
filter = node_info
attribute = autoreg
operator = match
value = yes
[2:autoreg&nodeinfoadmin]
scope = NormalVlan
role = admin_wlan
action = register_node
action_param = mac = $mac
[3:autoreg&nodeinfostudent]
scope = NormalVlan
role = student_wlan
action = register_node
action_param = mac = $mac
# bin/pfcmd service httpd.aaa restart
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
