Great! I got the Go environment built and recompiled pfhttpd, and packet
traces show me that we are now *not* sending the &g= at the end, and my
iBosses are therefore performing ldap lookups for group memberships as
desired:
14:39:09.120909 IP (tos 0x0, ttl 64, id 48034, offset 0, flags [DF], proto TCP (6), length 330)
    10.1.1.87.43322 > 10.1.1.252.8015: Flags [P.], cksum 0x1891 (incorrect -> 0xa8c6), seq 0:278, ack 1, win 229, options [nop,nop,TS val 778109 ecr 173754786], length 278
E..J..@[email protected].
..W
....:.O._d.].q............
...}
[I.GET /nacAgent?action=login&user=lowed&dc=Packetfence&key=XS832CF2A&ip=172.16.96.56&cn=lowed HTTP/1.1
Host: 10.1.1.252:8015
User-Agent: Go-http-client/1.1
Content-Length: 27
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
However, now I'm seeing another problem I had to fix before in the Perl:
some users connect as DOMAIN\username when on PCs vs the same users
connecting with stripped username on a mobile device. The iBoss expects to
see stripped username. In pre-7.x days I was fixing this up here:
/usr/local/pf/lib/pf/firewallsso/Iboss.pm from
my $username = $node_info->{'last_dot1x_username'};
to
my $username = $node_info->{'stripped_user_name'};
and it was working well, but I don't know what RADIUS attributes are being
passed to the iboss.go. Where should I look to see if I have access to the
'stripped_user_name' attribute?
Thanks,
Gary
On Mon, Sep 18, 2017 at 11:15 AM, Louis Munro via PacketFence-users <
[email protected]> wrote:
> Indeed, Go is a compiled language like C.
>
> You will have to use the go compiler to recompile that file.
> It should not be too hard once you get the hang of it.
>
> Take a look at /usr/local/pf/go/README.md.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On Sep 18, 2017, at 10:44, Gary Stansbury via PacketFence-users <
> [email protected]> wrote:
>
>
>
> Pre 7.0 I was able to modify /usr/local/pf/lib/pf/firewallsso/Iboss.pm
> and remove the "&g=" part from the end of the http request packetfence
> builds to notify our iBoss devices of SSO events. This is necessary for us
> because we want the iboss to query ldap based on username to determine what
> groups a user is a member of instead of relying on the packetfence "role",
> which we currently just use to determine which SSID someone has connected
> to.
>
> I see that in 7.0+ a lot of the SSO stuff has been converted from perl to
> golang, and I'm entirely unfamiliar with it. I made the similar change in
>
> /usr/local/pf/go/firewallsso/iboss.go
>
> func (fw *Iboss) getRequest(ctx context.Context, action string, info map[string]string) (*http.Request, error) {
>     req, err := http.NewRequest(
>         "GET",
>         fmt.Sprintf(
>             "http://%s:%s/nacAgent?action=%s&user=%s&dc=%s&key=%s&ip=%s&cn=%s&g=%s",
>             fw.PfconfigHashNS,
>             fw.Port,
>             action,
>             info["username"],
>             fw.NacName,
>             fw.Password,
>             info["ip"],
>             info["username"],
>             info["role"],
>         ), bytes.NewBufferString("query=libwww-perl&mode=dist"),
>
> removed the &g portions:
>
> func (fw *Iboss) getRequest(ctx context.Context, action string, info map[string]string) (*http.Request, error) {
>     req, err := http.NewRequest(
>         "GET",
>         fmt.Sprintf(
>             "http://%s:%s/nacAgent?action=%s&user=%s&dc=%s&key=%s&ip=%s&cn=%s",
>             fw.PfconfigHashNS,
>             fw.Port,
>             action,
>             info["username"],
>             fw.NacName,
>             fw.Password,
>             info["ip"],
>             info["username"],
>         ), bytes.NewBufferString("query=libwww-perl&mode=dist"),
>
> but no amount of configreloading or restarting services seems to make it
> want to re-read that updated go file. Is there some compiling I must do to
> regenerate this firewallsso package?
>
> Thanks,
>
> --
> Gary Stansbury
> Network Engineer
> Troup County Board of Education, LaGrange, GA
> 706-594-3928 <(706)%20594-3928>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Gary Stansbury
Network Engineer
Troup County Board of Education, LaGrange, GA
706-594-3928
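
Added example (not part of the original messages and not PacketFence's own code): a stand-alone Go sketch of the normalization discussed in this thread, reducing DOMAIN\username and user@realm logins to the bare account name before building the nacAgent URL without "&g=". The helper names stripRealm and nacAgentURL, the EXAMPLE domain and the EXAMPLEKEY value are assumptions made for illustration; each value is also query-escaped so that a username containing "&" or "=" cannot add parameters to the request.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// stripRealm reduces DOMAIN\user and user@realm to the bare account name.
// Assumption: this only approximates what PacketFence stores as
// stripped_user_name; it is not PacketFence's own realm handling.
func stripRealm(username string) string {
	u := strings.TrimSpace(username)
	if i := strings.LastIndex(u, `\`); i >= 0 {
		u = u[i+1:]
	}
	if i := strings.Index(u, "@"); i >= 0 {
		u = u[:i]
	}
	return u
}

// nacAgentURL (hypothetical helper) builds the URL from the thread without
// "&g=", keeping the parameter order and escaping every value.
func nacAgentURL(host, port, action, username, dc, key, ip string) (string, error) {
	user := stripRealm(username)
	if user == "" {
		return "", fmt.Errorf("no account name left in %q", username)
	}
	params := [][2]string{
		{"action", action}, {"user", user}, {"dc", dc},
		{"key", key}, {"ip", ip}, {"cn", user},
	}
	parts := make([]string, 0, len(params))
	for _, p := range params {
		parts = append(parts, p[0]+"="+url.QueryEscape(p[1]))
	}
	return "http://" + net.JoinHostPort(host, port) + "/nacAgent?" + strings.Join(parts, "&"), nil
}

func main() {
	// Constructed sample logins: PC-style, mobile-style, UPN-style.
	for _, name := range []string{`EXAMPLE\lowed`, "lowed", "lowed@example.org"} {
		u, err := nacAgentURL("10.1.1.252", "8015", "login", name, "Packetfence", "EXAMPLEKEY", "172.16.96.56")
		fmt.Println(u, err)
	}
}
```

All three sample logins produce the same request, so the iBoss sees one account name whether the client sent the domain prefix or not.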