You suppose to see in the packetfence.log file if the filter match, do
you see it ?
Le 2018-02-09 à 11:28, John Sayce via PacketFence-users a écrit :
I've given it a go but it doesn't seem to apply.
I simplified it further to:
[mac]
filter = node_info.mac
operator = match
value = 00:11:22:33:44:55
[2:mac]
scope = RegisteredRole
role = REJECT
This didn't seem to apply either. Am I missing something obvious? Is there a
way to debug this?
John
-----Original Message-----
From: Fabrice Durand via PacketFence-users
[mailto:[email protected]]
Sent: 06 February 2018 14:06
To: [email protected]
Cc: Fabrice Durand <[email protected]>
Subject: Re: [PacketFence-users] Radius Filter
Hello John,
something like that in the vlan filters should work:
[ssid]
filter = ssid
operator = is
value = OPENSSID
[role]
filter = node_info.category
operator = match
value = SOMEROLE
[1:ssid&role]
scope = RegisteredRole
role = REJECT
Regards
Fabrice
Le 2018-02-06 à 08:46, John Sayce via PacketFence-users a écrit :
I'm looking for a little guidance. I've got two SSIDs, one open and
one secured. They both use mac auth against packetfence. I don't
want the clients that are registered for certain roles to connect to
the unsecured SSID. Can I use a radius filter (or possibly a vlan
filter) to match the SSID and role to reject the clients? Something
like
[ssid]
filter = ssid
operator = is
value = OPENSSID
[role]
filter = user_role
operator = is
value = SOMEROLE
[1:ssid&role]
scope = returnRadiusAccessAccept
merge_answer = no
answer1 = RLM_MODULE_REJECT?
Not really sure how to reject the radius request.
Thanks
John Sayce
----------------------------------------------------------------------
-------- Check out the vibrant tech community on one of the world's
most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc.
:: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
