Hello Ali,
In fact, you are probably missing the FreeRADIUS dictionary.
Check the dictionary here:
https://github.com/FreeRADIUS/freeradius-server/pull/3179/files
and copy the file to /usr/share/freeradius, then restart the RADIUS services.
Regards
Fabrice
On 19-12-04 at 05:40, Amjad Ali wrote:
Hi Fabrice,
Sorry for coming back to you on this issue so late, I got caught up in
other things unfortunately.
So I re-used Cisco's Catalyst_2960.pm sub returnRadiusAccessAccept
in Pica8.pm to allow downloadable ACLs.
I only replaced Cisco-AVPair with Pica8-AVPair. When I use
Cisco-AVPair, I can see the access-list in the radius reply on the
Auditing tab, but I don't see the access-list sent when I change it to
Pica8-AVPair. Not sure where it is dropped. I see in the log
(Packetfence.log) that the access list is added to the radius reply, but it
somehow gets lost. All I get at the switch is a simple Access-Accept with no
other VSAs. Works fine for the Cisco VSA though.
Can you please point me to where I should be looking to fix this?
Thank you,
Ali
On Wed, Sep 4, 2019 at 9:37 PM Fabrice Durand via PacketFence-users <[email protected]> wrote:
Hello Ali,
In fact, when you authenticate with 802.1X you authenticate the
user and not the device.
So if you associate the user with a role and then the role with an ACL, it
means user = ACL.
Also, I checked the code of the module and it looks like it doesn't
support dynamic ACLs. Btw, it looks like it uses the same kind of
attributes as a Cisco switch.
So the support of dynamic ACLs should be trivial.
Regards
Fabrice
On 19-09-04 at 06:57, Amjad Ali via PacketFence-users wrote:
Hello there,
We are working on a use case where downloadable and dynamic ACLs
are used as separate features independent of web authentication.
The use case is simple: let's say we have an 802.1X user and I
want to associate a dynamic or downloadable ACL with it when the
authentication passes.
Our switch (Pica8) supports both dynamic and downloadable ACLs,
I just need to know how we can deliver those ACLs with
Access-Accept for both 802.1X and MAB.
I checked the device admin guide, the Role Mapping by Access
List, but it's on a per-device assignment; we want a per-user
assignment.
Any suggestions would be very well appreciated.
Thanks
Ali
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
--
Amjad Ali
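Added example (not part of the thread, and not PacketFence or FreeRADIUS code): a small checker for the diagnosis in Fabrice's latest reply. It walks a FreeRADIUS dictionary tree from the main `dictionary` file through its `$INCLUDE` lines and reports which attribute names are not defined, including the case where a vendor file was copied but no `$INCLUDE` line references it. The file name `dictionary.pica8`, the sample file contents and the Pica8 vendor number are assumptions constructed for the demonstration.

```python
import os
import tempfile

def load_attributes(path, seen=None):
    """Map attribute name -> vendor (or None) for a dictionary file and its $INCLUDEs."""
    seen = set() if seen is None else seen
    path = os.path.realpath(path)
    if path in seen or not os.path.isfile(path):
        return {}
    seen.add(path)
    attrs, vendor = {}, None
    with open(path) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
            if not fields:
                continue
            key = fields[0].upper()
            if key == "$INCLUDE" and len(fields) > 1:
                # Relative includes resolve against the including file's directory.
                inc = os.path.join(os.path.dirname(path), fields[1])
                attrs.update(load_attributes(inc, seen))
            elif key == "BEGIN-VENDOR" and len(fields) > 1:
                vendor = fields[1]
            elif key == "END-VENDOR":
                vendor = None
            elif key == "ATTRIBUTE" and len(fields) >= 4:
                attrs[fields[1]] = vendor
    return attrs

def missing_attributes(main_dictionary, wanted):
    """Attribute names not defined anywhere in the loaded dictionary tree."""
    known = load_attributes(main_dictionary)
    return [name for name in wanted if name not in known]

# Constructed sample files; 99999 is a placeholder, not Pica8's real vendor number.
CISCO = "VENDOR Cisco 9\nBEGIN-VENDOR Cisco\nATTRIBUTE Cisco-AVPair 1 string\nEND-VENDOR Cisco\n"
PICA8 = "VENDOR Pica8 99999\nBEGIN-VENDOR Pica8\nATTRIBUTE Pica8-AVPair 1 string\nEND-VENDOR Pica8\n"

def sample_check(copy_file, add_include):
    """Build a throwaway dictionary tree and check both AVPair names against it."""
    with tempfile.TemporaryDirectory() as root:
        files = {"dictionary.cisco": CISCO}
        if copy_file:
            files["dictionary.pica8"] = PICA8
        extra = "$INCLUDE dictionary.pica8\n" if add_include else ""
        files["dictionary"] = "$INCLUDE dictionary.cisco\n" + extra
        for name, text in files.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        return missing_attributes(os.path.join(root, "dictionary"), ["Cisco-AVPair", "Pica8-AVPair"])
```

On a real server, call `missing_attributes("/usr/share/freeradius/dictionary", ["Pica8-AVPair"])` after copying the file and before restarting the RADIUS services.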