Hello Enrico,
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Installation_Guide.asciidoc#advanced-access-configuration
Try that instead:
machine_account != "" && ssid == Secure
Regards
Fabrice
Le 19-07-18 à 17 h 29, Enrico Pasqualotto via PacketFence-users a écrit :
By checking the code of radius.pm (where should create condition to
profile selection) I can't saw the node_info loaded in option. Can be
the issue why I'm not able to use node_info.machine_account inside
advanced_filter?
$options->{'last_connection_sub_type'} = $args->{'connection_sub_type'};
$options->{'last_connection_type'} =
connection_type_to_str($args->{'connection_type'});
$options->{'last_switch'} = $switch_id;
$options->{'last_port'} = $args->{'switch'}->{switch_port} if
(defined($args->{'switch'}->{switch_port}));
$options->{'last_vlan'} = $args->{'vlan'} if (defined($args->{'vlan'}));
$options->{'last_ssid'} = $args->{'ssid'} if (defined($args->{'ssid'}));
$options->{'last_dot1x_username'} = $args->{'user_name'} if
(defined($args->{'user_name'}));
$options->{'realm'} = $args->{'realm'} if (defined($args->{'realm'}));
$options->{'radius_request'} = $args->{'radius_request'};
$options->{'fingerbank_info'} = $args->{'fingerbank_info'};
my $profile =
pf::Connection::ProfileFactory->instantiate($args->{'mac'},$options);
Docs in "Installation Guide" have also an example like:
node_info.machine_account != "" && ssid == Secure
Someone can help me to better understand the issue?
Thanks
------------------------------------------------------------------------
*Da:* Enrico Pasqualotto via PacketFence-users
<[email protected]>
*Inviato:* martedì 16 luglio 2019 14:26
*A:* [email protected]
*Cc:* Enrico Pasqualotto
*Oggetto:* [PacketFence-users] Profile filtering using machine_account
Hello, I'm trying to configure a setup in 802.1x where VLAN are
assigned using Active-Directory group (ex:
action0=set_role=Role_VLAN1, condition0=memberOf,matches
regexp,GroupVLAN1) but for certain VLAN is mandatory to have a PC
joined to domain.
All PCs have "machine_auth or user auth" option into WLAN settings, so
it make machine_auth into login screen and user auth after user
credential.
As customer also needs to manage the setup I prefer to use WEB GUI.
I've created a profile with an advanced_filter:
node_info.machine_account != "" and the sources with the group that
is mandatory the domain join.
If I check into nodes details I saw the machine_account correctly set
but profile doesn't get matched until I remove the string:
node_info.machine_account != ""
Anyone know why it doesn't match the profile when I got
machine_account set?
--
Enrico Pasqualotto for
Private mail: [email protected] <mailto:[email protected]>
Office: +39 045 9971269
Le informazioni contenute in questo messaggio di posta elettronica e
negli eventuali allegati sono riservate e confidenziali e sono
indirizzate esclusivamente al destinatario. Si prega di non fare
copia, inoltrare a terzi o conservare tale messaggio se non si è il
legittimo destinatario dello stesso. Qualora questo messaggio sia
stato ricevuto per errore, si prega di rinviarlo al mittente e di
cancellarlo permanentemente dal proprio computer.
The information contained in this message and in any attachment is
intended exclusively for the recipient. If you are not the intended
recipient you are hereby notified not to copy, save, disclose, or
distribute it to any third party. If you erroneously received this
message you are kindly requested to return it to the sender and
eliminate it permanently from your computer.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
