I've given it a go but it doesn't seem to apply. I simplified it further to:
[mac] filter = node_info.mac operator = match value = 00:11:22:33:44:55 [2:mac] scope = RegisteredRole role = REJECT This didn't seem to apply either. Am I missing something obvious? Is there a way to debug this? John -----Original Message----- From: Fabrice Durand via PacketFence-users [mailto:[email protected]] Sent: 06 February 2018 14:06 To: [email protected] Cc: Fabrice Durand <[email protected]> Subject: Re: [PacketFence-users] Radius Filter Hello John, something like that in the vlan filters should work: [ssid] filter = ssid operator = is value = OPENSSID [role] filter = node_info.category operator = match value = SOMEROLE [1:ssid&role] scope = RegisteredRole role = REJECT Regards Fabrice Le 2018-02-06 à 08:46, John Sayce via PacketFence-users a écrit : > I'm looking for a little guidance. I've got two SSIDs, one open and > one secured. They both use mac auth against packetfence. I don't > want the clients that are registered for certain roles to connect to > the unsecured SSID. Can I use a radius filter (or possibly a vlan > filter) to match the SSID and role to reject the clients? Something > like > > [ssid] > filter = ssid > operator = is > value = OPENSSID > > [role] > filter = user_role > operator = is > value = SOMEROLE > > [1:ssid&role] > scope = returnRadiusAccessAccept > merge_answer = no > answer1 = RLM_MODULE_REJECT? > > Not really sure how to reject the radius request. > > Thanks > John Sayce > > ---------------------------------------------------------------------- > -------- Check out the vibrant tech community on one of the world's > most engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
