Antonio,

So I tested the flow described and discovered a code issue when it comes to the 
IP reevaluation workflow.
I opened an issue (https://github.com/inverse-inc/packetfence/issues/1963) 
and fixed it with the commit id 
(https://github.com/inverse-inc/packetfence/commit/73ab8151017d49e1006f5f8bc37bbf401a69cb1f)

Please try to apply that fix to your setup, reenable the “Reauthenticate node” 
configuration parameter under Configuration > Inline and let me know if that 
works.

Cheers!
-dw.

--
Derek Wuelfrath
de...@inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

> On Jan 13, 2017, at 17:01, viny <vinyanali...@gmail.com> wrote:
> 
> In principle, in the hospital where I work, what we wanted was to use
> PacketFence to manage both of our wireless networks, as I reported
> here: https://sourceforge.net/p/packetfence/mailman/message/35511813/
> 
>> Unless you configure PacketFence otherwise [...]
> 
> We would like to configure PacketFence so that it automatically
> unregisters any node that leaves a first network and enters a second
> one, showing that node the second network's captive portal so it must
> register again to use the second network. But we don't know how to
> achieve that. Do you have any idea on how to do it?
> 
> If you could shed some light on that problem, we would be very
> thankful. We could shut down pfSense and use only PacketFence.
> 
> Let me explain our setup.
> 
> In our first experiment with PacketFence, we have set up its interfaces
> this way:
> 
> - eth0: Management
> - eth0 VLAN ID 500: Inline Layer 2, IP address 10.100.32.1/20
> - eth0 VLAN ID 600: Inline Layer 2, IP address 10.100.64.1/20
> 
> And we have set up Ubiquiti APs to serve two wireless networks:
> 
> (1) SSID Corporative Wi-Fi: VLAN ID 500
> (2) SSID Patients Wi-Fi: VLAN ID 600
> 
> Following the Administration Guide, in PacketFence:
> 
> - We have created two user roles: (1) Employee and (2) Patient
> - We have added two authentication sources: (1) Active Directory with a
> rule so that Role = Employee and (2) external HTTP API with a rule so
> that Role = Patient
> - We have created two portal profiles: (1) Employee, with a filter
> Network = 10.100.32.0/20 and Source = Active Directory and (2) Patient
> with a filter Network = 10.100.64.0/20 and Source = external HTTP API
> 
> So, what happens? (let me retype the relevant portion of my first
> email)
> 
>> We have noticed that if we connect to the Corporative Wi-Fi and
>> authenticate through the captive portal, then disconnect and connect
>> to the Patients Wi-Fi, its captive portal is not shown and access to
>> that second network is granted. In the end, the device is shown on the
>> Nodes table with an IP Address from the Patients network, but Role =
>> Corporative.
>>
>> Enabling the option Reauthenticate node (Should have to reauthenticate
>> the node if vlan change) in Configuration > Main > Inline did not
>> help.
>>
>> Is there any way we could enforce reauthentication if the user exits
>> one network and enters another?
> 
> Thank you in advance!
> 
> 
> Antonio

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
