By checking the code of radius.pm (where should create condition to profile
selection) I can't saw the node_info loaded in option. Can be the issue why I'm
not able to use node_info.machine_account inside advanced_filter?
$options->{'last_connection_sub_type'} = $args->{'connection_sub_type'};
$options->{'last_connection_type'} =
connection_type_to_str($args->{'connection_type'});
$options->{'last_switch'} = $switch_id;
$options->{'last_port'} = $args->{'switch'}->{switch_port} if
(defined($args->{'switch'}->{switch_port}));
$options->{'last_vlan'} = $args->{'vlan'} if (defined($args->{'vlan'}));
$options->{'last_ssid'} = $args->{'ssid'} if (defined($args->{'ssid'}));
$options->{'last_dot1x_username'} = $args->{'user_name'} if
(defined($args->{'user_name'}));
$options->{'realm'} = $args->{'realm'} if (defined($args->{'realm'}));
$options->{'radius_request'} = $args->{'radius_request'};
$options->{'fingerbank_info'} = $args->{'fingerbank_info'};
my $profile =
pf::Connection::ProfileFactory->instantiate($args->{'mac'},$options);
Docs in "Installation Guide" have also an example like:
node_info.machine_account != "" && ssid == Secure
Someone can help me to better understand the issue?
Thanks
________________________________
Da: Enrico Pasqualotto via PacketFence-users
<[email protected]>
Inviato: martedì 16 luglio 2019 14:26
A: [email protected]
Cc: Enrico Pasqualotto
Oggetto: [PacketFence-users] Profile filtering using machine_account
Hello, I'm trying to configure a setup in 802.1x where VLAN are assigned using
Active-Directory group (ex: action0=set_role=Role_VLAN1,
condition0=memberOf,matches regexp,GroupVLAN1) but for certain VLAN is
mandatory to have a PC joined to domain.
All PCs have "machine_auth or user auth" option into WLAN settings, so it make
machine_auth into login screen and user auth after user credential.
As customer also needs to manage the setup I prefer to use WEB GUI.
I've created a profile with an advanced_filter: node_info.machine_account != ""
and the sources with the group that is mandatory the domain join.
If I check into nodes details I saw the machine_account correctly set but
profile doesn't get matched until I remove the string:
node_info.machine_account != ""
Anyone know why it doesn't match the profile when I got machine_account set?
--
Enrico Pasqualotto for
[https://www.backloop.biz/backloop_loghi/LOGO_BackLoop_small.png]
Private mail: [email protected]<mailto:[email protected]>
Office: +39 045 9971269
Le informazioni contenute in questo messaggio di posta elettronica e negli
eventuali allegati sono riservate e confidenziali e sono indirizzate
esclusivamente al destinatario. Si prega di non fare copia, inoltrare a terzi o
conservare tale messaggio se non si è il legittimo destinatario dello stesso.
Qualora questo messaggio sia stato ricevuto per errore, si prega di rinviarlo
al mittente e di cancellarlo permanentemente dal proprio computer.
The information contained in this message and in any attachment is intended
exclusively for the recipient. If you are not the intended recipient you are
hereby notified not to copy, save, disclose, or distribute it to any third
party. If you erroneously received this message you are kindly requested to
return it to the sender and eliminate it permanently from your computer.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
