Hi,

I want to give users access to the correct VLAN, based on group membership in AD. By using the registration portal, this works. If I want to withdraw access, I remove the user from the AD group, deregister him in PF and reevaluate access, and the next time the user connects to the network, he will be redirected to the registration portal.

My question is how to arrive at similar functionality for autoregistration for 802.1X. Basically, what I want to achieve is that:

1) Nodes can access the wifi network with the normal 802.1X dialog (e.g. in Windows) without being directed to the registration portal. This works if I set the "automatic registration" for the relevant portal. If users are members of the appropriate AD group, they will be connected to the right VLAN. If users are not members, they have no access.

2) Already registered nodes can be prevented from getting access by removing the user from the AD group. This does not work. If I deregister the relevant node, and the user tries to reconnect, he still gets access to the VLAN.

I had a look at the code, and it seems that if everything fails (e.g. the user cannot be authenticated because he is not a member of the right AD group anymore), the VLAN that is returned is the one that is associated with the node. This is also reported in the pf log file. What I want is that such a user is not connected anymore, or e.g. connected to the isolation VLAN.

Any suggestions?

Thanks,
JG
