Hey Fabrice (and others),
Okay, so I have tried the chained module.
Flow is like this:
1. Portal profile captures Wireless Non-EAP and has a Windows provisioner
added for secure SSID that reacts on "guest" role
2. Portal starts authentication using chained module containing Sponsor
authentication module and provisioning module
3. Actions on sponsor authentication module is set to assign role "GuestReg"
and to set duration for 12 hours.
4. Actions on provisioning module is set to set role "guest" and assign
access for 12 hours.
5. Person registers and mail is sent to sponsor
6. Sponsor approves
7. Device being registered changes portal to the Provisoner: Windows module
8. Agent is installed and secure SSID becomes available
User gets authenticated on the portal:
Mar 30 12:13:41 httpd.portal(2975) INFO: [mac:08:11:96:09:26:e0] User
[email protected] has authenticated on the portal. (Class::MOP::Class:::after)
Mar 30 12:13:41 httpd.portal(2975) INFO: [mac:08:11:96:09:26:e0] person
[email protected] added (pf::person::person_add)
Now this is where the chain breaks. In the moment I switch from the open SSID
to the secure SSID, the node is moved to registration again by radius:
Mar 30 11:57:41 httpd.aaa(2857) INFO: [mac:08:11:96:09:26:e0] handling radius
autz request: from switch_ip => (xx.xx.xx.xx), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (00:1c:57:42:1c:d0), mac =>
[08:11:96:09:26:e0], port => 1, username => "0811960926e0", ssid =>
My-Guest-Secure (pf::radius::authorize)
Mar 30 11:57:41 httpd.aaa(2857) INFO: [mac:08:11:96:09:26:e0] Instantiate
profile Wireless-Guest (pf::Portal::ProfileFactory::_from_profile)
Mar 30 11:57:41 httpd.aaa(2857) INFO: [mac:08:11:96:09:26:e0] is of status
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
So the device gets unregistered again, (or maybe actually never gets
registered?) and I am no longer able to connect to the secure SSID
If I just flow through the normal sponsor flow, without the provisioner chain,
then the device gets registered and happy days!
I am almost about to give up - I guess I will just have to live with the open
SSID....
Any tips, or someone who can help getting this configured for money?
Br,
Jes
Fra: Durand fabrice [mailto:[email protected]]
Sendt: 30. marts 2017 01:36
Til: [email protected]
Emne: Re: [PacketFence-users] Registration, provisioner??, profit!
Hello Jes,
did you tried "chained" in portal module ?
Regards
Fabrice
Le 2017-03-28 à 04:58, Jes Kasper Klittum a écrit :
Hey guys,
Scenario:
I have these 2 SSID's:
Open SSID with mac-auth and defaulting to registration VLAN
Secure SSID with WPA2
I want to achieve the following;
Unregistered device connects to the open SSID, is put into registration VLAN
and is directed to the captive portal. From here he needs to perform a
sponsor-based registration.
When this registration is done, and approved by the sponsor, I wan't the device
to be moved from the open SSID to the secure SSID automatically.
I have tried adding an iOS provisioner to the registration portal, but then it
skips the whole sponsor registration step, which results in the device not
getting access as it is not registered?
How do I achieve what I try to do?
Med venlig hilsen / Best regards,
BISCA A/S
Jes Kasper Klittum
Head of IT
Ahornvej 1,
DK-4780 Stege
[Beskrivelse: Beskrivelse: Beskrivelse: Beskrivelse:
Beskrivelse: Beskrivelse: Beskrivelse: Beskrivelse: Beskrivelse:
Beskrivelse: Beskrivelse: Beskrivelse:
cid:[email protected]] +45 3162 3495
[Beskrivelse: Beskrivelse: Beskrivelse: Beskrivelse:
cid:[email protected]] +45 7211 0495
[email protected]<mailto:[email protected]>
[Beskrivelse: Beskrivelse: Beskrivelse: Beskrivelse:
Beskrivelse: Beskrivelse: Beskrivelse: Beskrivelse: Beskrivelse:
Beskrivelse: Beskrivelse: Beskrivelse:
cid:[email protected]]www.bisca.com
[Logo (002)]
P Please consider the environment before printing this e-mail.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
