Hello Geert,
IMO if you use 802.1x the better option is to use autoregistration and
use the AD source and at the end of the AD source rules add a catch_all
that return the REJECT role.
So each time a device authenticate then PacketFence will compute the new
role and if it's REJECT then the device is rejected in the radius answer.
Regards
Fabrice
Le 18-11-09 à 05 h 25, Geert Heremans via PacketFence-users a écrit :
Hello,
I'm using PF for the first year on our school. Each student is part of
an AD GROUP and some of these groups are added tot the AD group that's
being used in PF to allow internet access.
These users can then access the WIFI and register their device.
I've noticed that when I remove a group for the Wifi enabled group
these members can still access the WIFI if they use their registered
devices. The only thing that changes is that they then no longer are
able to register a new device.
Is it possible to reevaluate the access every 5min for example? And
disconnect the users when they no longer belong to the Wifi enabled AD
group?
I'm using PF out-of-band
Best regards,
Geert
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
