Hi Fabrice,

Yes! That worked out beautifully. We'll run some tests to make sure
everything is ok and make the pull request later.

Thank you for all the help...

Ali

On Wed, Dec 4, 2019 at 9:58 PM Fabrice Durand <[email protected]> wrote:

> Hello Ali,
>
> In fact you are probably missing the FreeRADIUS dictionary.
>
> Check the dictionary here:
> https://github.com/FreeRADIUS/freeradius-server/pull/3179/files
>
> and copy the file into /usr/share/freeradius, then restart the radius
> services.
>
> Regards
>
> Fabrice
>
>
> On 19-12-04 at 05:40, Amjad Ali wrote:
>
> Hi Fabrice,
>
> Sorry for coming back to you on this issue so late, I got caught up in
> other things unfortunately.
>
> So I re-used Cisco's Catalyst_2960.pm sub returnRadiusAccessAccept in
> Pica8.pm to allow downloadable ACLs.
>
> I only replaced Cisco-AVPair with Pica8-AVPair. When I use Cisco-AVPair,
> I can see the access-list in the radius reply on the Auditing tab but I don't
> see the access-list sent when I change it to Pica8-AVPair. Not sure where
> it is dropped. I see in the log (Packetfence.log) that the access list is
> added to the radius reply but it somehow gets lost. All I get at the switch
> is a simple Access-Accept with no other VSAs. Works fine for the Cisco VSA
> though.
>
> Can you please point me to where I should be looking to fix this?
>
> Thank you, Ali
>
> On Wed, Sep 4, 2019 at 9:37 PM Fabrice Durand via PacketFence-users <
> [email protected]> wrote:
>
>> Hello Ali,
>>
>> In fact, when you authenticate with 802.1x you authenticate the user and
>> not the device.
>>
>> So if you associate the user to a role and then the role to an ACL, it means
>> user = ACL.
>>
>> Also, I checked the code of the module and it looks like it doesn't
>> support dynamic ACLs. Btw, it looks to use the same kind of attributes as a
>> Cisco switch.
>>
>> So the support of dynamic ACLs should be trivial.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> On 19-09-04 at 06:57, Amjad Ali via PacketFence-users wrote:
>>
>> Hello there,
>>
>> We are working on a use case where downloadable and dynamic ACLs are used
>> as separate features independent of web authentication.
>>
>> The use case is simple: let's say we have an 802.1X user and I want to
>> associate a dynamic or downloadable ACL with it when the authentication
>> passes.
>>
>> Our switch (Pica8) supports both dynamic and downloadable ACLs, I just
>> need to know how we can deliver those ACLs with Access-Accept for both
>> 802.1X and MAB.
>>
>> I checked the device admin guide, the Role Mapping by Access List, but
>> it's on a per device assignment, we want a per user assignment.
>>
>> Any suggestions would be very well appreciated.
>>
>> Thanks
>> Ali
>>
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> --
>> Fabrice [email protected] ::  +1.514.447.4918 (x135) ::  
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>>
>
>
> --
> Amjad Ali
>
>
>

-- 
Amjad Ali
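
The diagnosis in this thread (Pica8-AVPair missing from the FreeRADIUS dictionaries while Cisco-AVPair is present) can be checked offline. The following is an added example, not part of the original messages and not PacketFence or FreeRADIUS code: a small parser for the dictionary text format that lists reply attribute names no dictionary defines. The Pica8 vendor number, attribute number and reply values are constructed placeholders.

```python
# Constructed sample data, not real dictionary files. Vendor number 99999 and
# attribute number 1 for Pica8 are placeholders; the real values are in the
# dictionary file from the pull request linked in the thread.
BASE_DICT = """
VENDOR        Cisco   9
BEGIN-VENDOR  Cisco
ATTRIBUTE     Cisco-AVPair   1   string
END-VENDOR    Cisco
"""
PICA8_DICT = """
# placeholder stand-in for the Pica8 dictionary
VENDOR        Pica8   99999
BEGIN-VENDOR  Pica8
ATTRIBUTE     Pica8-AVPair   1   string
END-VENDOR    Pica8
"""
# Constructed reply: attribute names as a switch module would emit them.
REPLY = {"Cisco-AVPair": ["constructed-acl-line"],
         "Pica8-AVPair": ["constructed-acl-line"]}


def parse_dictionary(text):
    """Map attribute name -> (vendor or None, number, type)."""
    attrs, vendors, current = {}, set(), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments and blanks
        if not fields:
            continue
        keyword = fields[0].upper()
        if keyword == "VENDOR" and len(fields) >= 3:
            vendors.add(fields[1])
        elif keyword == "BEGIN-VENDOR" and len(fields) >= 2:
            if fields[1] not in vendors:
                raise ValueError(f"line {lineno}: vendor {fields[1]} not declared")
            current = fields[1]
        elif keyword == "END-VENDOR":
            current = None
        elif keyword == "ATTRIBUTE" and len(fields) >= 4:
            attrs[fields[1]] = (current, fields[2], fields[3])
    return attrs


def undefined_attributes(reply, *dictionaries):
    """Return reply attribute names that no supplied dictionary defines."""
    known = {}
    for text in dictionaries:
        known.update(parse_dictionary(text))
    return sorted(name for name in reply if name not in known)


if __name__ == "__main__":
    print("before:", undefined_attributes(REPLY, BASE_DICT))
    print("after: ", undefined_attributes(REPLY, BASE_DICT, PICA8_DICT))
```

To use it on a real installation, read the files under /usr/share/freeradius into strings and pass them in place of the constructed samples.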