Hi Antoine,

> There is a reevaluate happening every time a user connect to a SSID as
> long as there is a new RADIUS request coming in.

That's what I expected. My Aerohive and my Cisco WLC of course send a new RADIUS request... But pf doesn't reevaluate the access, the old rule from the first connection persists.

> Now for what you want to do, you could create a set of rules in your
> source of authentication, AD I presume, and use the condition SSID. Send
> back the role guest if the SSID is guest, or apply your normal rules if the
> SSID is internal.

Yes, I have a rule for my WPA2 encrypted WiFi with 802.1x auth (no, I don't use AD auth, I use our client certificates from our Windows CA and make an EAP-TLS authentication). In that rule, I defined the appropriate SSID. Currently I use the internal database for guest users, but how can I configure a rule with internal users? Is it the "Legacy Source"? When I try to edit that rule, I get the following message: "Error! The file is not readable."

Greetings
Tobias

On 09/21/2016 05:46 AM, Tobias Friede wrote:
>
> Hi,
>
> is it possible to reevaluate access every time a client/user makes a
> reconnect on our wifi?
>
> Greetings
> Tobias
>
> 2016-09-02 11:36 GMT+02:00 Tobias Friede <t.fri...@gmail.com>:
>
>> Hi,
>>
>> No one with an idea how to fix my problem?
>> Or is it better to use two packetfence servers, one for internal
>> authentication and one for hotspot services?
>>
>> Greetings
>> Tobias
>>
>> 2016-09-01 9:20 GMT+02:00 Tobias Friede <t.fri...@gmail.com>:
>> > Hi,
>> >
>> > I have the following problem. I have 2 SSIDs:
>> > Guest and Internal.
>> >
>> > The Guest WiFi is OPEN and just secured with a captive page. The
>> > internal is secured with 802.1x EAP-TLS.
>> > If a user connects to the guest wifi and logs in with a guest account,
>> > our Aerohive APs and Cisco WLC will move them to the correct vLAN.
>> > Everything seems to be fine. Unregistration via PF interface works
>> > fine too, so CoA is working.
>> >
>> > But if a user moves to the internal WiFi, the VLAN doesn't change back
>> > to the internal vLAN.
>> > The client still remains in guest VLAN, I think, because the client is
>> > registered for the guest user account.
>> > Is there any solution to solve this?
>> >
>> > Greetings
>> > Tobias
>
> --
> Antoine amacheraamac...@inverse.ca :: www.inverse.ca +1.514.447.4918 x130
> :: +1 (866) 353-6153 x130
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users