On Tue, May 7, 2019 22:29, Durand fabrice via PacketFence-users wrote:
> Hello David,
>
> for that you can use the radius filter to add on the fly the additional
> attribute.
>
> [mac]
> filter = mac
> operator = is
> value = 00:11:22:33:44:55
>
> [1:mac]
> scope = returnRadiusAccessAccept
> merge_answer = yes
> answer1 = Egress-VLANID => 22
>
> If the mac is 00:11:22:33:44:55 then add Egress-VLANID = 22 attribute in
> the reply.
I created the following at the end of pf/conf/radius_filters.conf:
[mymachine1]
filter = mac
operator = is
value = 07:3d:95:14:aa:ee
[mac:mymachine1]
scope = returnRadiusAccessAccept
merge_answer = yes
answer1 = Egress-VLANID => 0x31000190
answer2 = Egress-VLANID => 0x32000064
It only seems to be returning one result:
Reply-Message = "Request processed by PacketFence"
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "100"
Egress-VLANID = 838860900
Tunnel-Medium-Type:0 = IEEE-802
Only the last entry is sent back? If I then add a third entry:
answer3 = Egress-VLANID => 0x32000065
I get back
Egress-VLANID = 838860901
For changes to take effect, it looks like I need to restart httpd.aaa, but
when I do so from the web UI, I get DB connection errors:
May 8 11:41:15 pf1 packetfence: INFO pfcmd.pl(13907): Connecting to
MySQL database (pfconfig::backend::mysql::_get_db)
May 8 11:41:15 pf1 packetfence: ERROR pfcmd.pl(13907): Can't get any
result from DB while trying to check for database schema version
(pf::version::version_check_db)
May 8 11:41:16 pf1 packetfence: INFO pfcmd.pl(13907): Preprocessing
filter condition 'mymachine'
(pf::config::builder::scoped_filter_engines::preprocessCondition)
May 8 11:41:16 pf1 packetfence: INFO pfcmd.pl(13907): Processing rule
'mac:mymachine'
(pf::config::builder::scoped_filter_engines::preprocessRule)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
