Hello David,

I will be happy to review your PR once done.

Btw I am always impressed by the Mikrotik features, it's like a network
equipment switch knife.

Last thing, if the deauth method is not the same between wifi and wired,
you can add the function wiredeauthTechniques in the switch module
(https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L450).

Regards
Fabrice





On Wed, 19 May 2021 at 22:04, David Herselman via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi Fabrice,
>
>
>
> Even better! 😊
>
>
>
> Herewith my minimal modifications, I’ll submit a patch after doing some
> more testing but everything looks good so far:
>
> --- Mikrotik.pm.orig                            2021-05-08
> 07:38:14.976719201 +0200
>
> +++ /usr/local/pf/lib/pf/Switch/Mikrotik.pm     2021-05-19
> 23:05:18.489619568 +0200
>
> @@ -29,6 +29,7 @@
>
>      $SSID
>
>      $WIRELESS_MAC_AUTH
>
>      $WEBAUTH_WIRELESS
>
> +    $WIRELESS
>
> );
>
> sub description { 'Mikrotik' }
>
>
>
> @@ -46,6 +47,8 @@
>
> # CAPABILITIES
>
> # access technology supported
>
> use pf::SwitchSupports qw(
>
> +    WiredMacAuth
>
> +    WiredDot1x
>
>      WirelessMacAuth
>
>      ExternalPortal
>
>      WebFormRegistration
>
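Review bot: adding `WiredMacAuth` and `WiredDot1x` to the `pf::SwitchSupports` list advertises wired support for the module, but nothing visible in this patch adds a wired deauthentication path to go with it. If wired sessions need a different deauth method than wireless, add a `wiredeauthTechniques` sub as suggested in the reply above, and extend the module's POD to say which firmware versions the wired modes were tested against.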
> @@ -139,7 +142,8 @@
>
> sub deauthTechniques {
>
>      my ($self, $method, $connection_type) = @_;
>
>      my $logger = $self->logger;
>
> -    my $default = $SNMP::SSH;
>
> +    my $default = $SNMP::RADIUS;
>
>      my %tech = (
>
>          $SNMP::SSH    => 'deauthenticateMacSSH',
>
>          $SNMP::RADIUS => 'deauthenticateMacRadius',
>
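Review bot: changing `$default` from `$SNMP::SSH` to `$SNMP::RADIUS` in `deauthTechniques` changes the fallback deauth method for every device handled by this module, including existing wireless deployments that currently rely on SSH. `$connection_type` is already passed into the sub, so consider keeping `$SNMP::SSH` as the wireless default and selecting `$SNMP::RADIUS` only for wired connections, or document the behaviour change so operators know the device must accept RADIUS disconnect requests from the PacketFence server after upgrading.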
> @@ -257,8 +261,8 @@
>
>
>
> Don't forget to fill /usr/share/freeradius/dictionary.mikrotik with the
> following attributes:
>
>
>
> -ATTRIBUTE       Mikrotik-Wireless-VlanID                26      integer
>
> -ATTRIBUTE       Mikrotik-Wireless-VlanIDType            27      integer
>
> +ATTRIBUTE       Mikrotik-Wireless-*VLANID*                26      integer
>
> +ATTRIBUTE       Mikrotik-Wireless-*VLANID-Type*           27      integer
>
>
>
> =cut
>
>
>
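Review bot: the two added POD lines read `Mikrotik-Wireless-*VLANID*` and `Mikrotik-Wireless-*VLANID-Type*`; the asterisks look like mail-client bold markup, but if they are in the actual file, anyone copying the lines into `/usr/share/freeradius/dictionary.mikrotik` will define attribute names that do not match the `'Mikrotik-Wireless-VLANID'` and `'Mikrotik-Wireless-VLANID-Type'` keys returned later in the module. Please confirm the submitted patch uses the plain names and keeps the column alignment of the removed lines.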
> @@ -276,10 +280,18 @@
>
>      # Inline Vs. VLAN enforcement
>
>      my $role = "";
>
>      if ( (!$args->{'wasInline'} || ($args->{'wasInline'} &&
> $args->{'vlan'} != 0) ) && isenabled($self->{_VlanMap})) {
>
> -        $radius_reply_ref = {
>
> -            'Mikrotik-Wireless-VLANID' => $args->{'vlan'} . "",
>
> -            'Mikrotik-Wireless-VLANID-Type' => "0",
>
> -        };
>
> +        if (($args->{'connection_type'} & $WIRELESS) == $WIRELESS) {
>
> +            $radius_reply_ref = {
>
> +                'Mikrotik-Wireless-VLANID' => $args->{'vlan'} . "",
>
> +                'Mikrotik-Wireless-VLANID-Type' => "0",
>
> +            };
>
> +        } else {
>
> +            $radius_reply_ref = {
>
> +                'Tunnel-Type' => "13",
>
> +                'Tunnel-Medium-Type' => "6",
>
> +                'Tunnel-Private-Group-ID' => $args->{'vlan'} . "",
>
> +            };
>
> +        }
>
>      }
>
>
>
>      $logger->info("(".$self->{'_id'}.") Returning ACCEPT with VLAN
> $args->{'vlan'} and role $role");
>
>
>
>
>
>
>
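Review bot: the new `else` branch treats every connection type without the `$WIRELESS` bit as wired and returns `Tunnel-Type`, `Tunnel-Medium-Type` and `Tunnel-Private-Group-ID`, so an undefined or unexpected `$args->{'connection_type'}` silently gets the wired VLAN reply (and an undefined value will also raise a warning in the `&` test). Consider testing for the wired case explicitly and logging when neither matches, so a request of unknown type is not placed on a VLAN by default. A short comment that `"13"` is VLAN and `"6"` is IEEE-802 would also help the next reader, and the `info` log line could state which attribute set was returned.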
> PS: mac fallback is confirmed to be a problem since 6.48 and should get
> fixed in the next stable release…
>
>
>
>
>
> Regards
>
> David Herselman
>
>
>
> *From:* Fabrice Durand <oeufd...@gmail.com>
> *Sent:* Wednesday, 19 May 2021 3:00 AM
> *To:* David Herselman <d...@syrex.co>
> *Subject:* Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)
>
>
>
> Hello David,
>
> what you can do instead of merging wired and wireless attributes is to
> test the connection type.
>
>
>
> use pf::config qw(
>     $MAC
>     $SSID
>     $WIRELESS_MAC_AUTH
>     $WEBAUTH_WIRELESS
>     $WIRELESS
> );
>
>
>
> ....
>
>
>
> if (($args->{'connection_type'} & $WIRELESS) == $WIRELESS) {
>
>
>
> } else {
>
>
>
> }
>
>
>
> Regards
>
> Fabrice
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>