Thread necromancy but I'm still struggling with this same problem and
hoping someone might have tackled the same.

This original problem statement is perhaps the most accurate:

"Is there a way to recalculate the role for a node from its owner
information using an existing LDAP authentication source?"

Cheers,

David

On Thu, Mar 11, 2021 at 7:45 PM David Harvey <da...@thoughtmachine.net>
wrote:

> Hi again!
>
> 802.1x (EAP-TLS), but with machine certificates so there isn't a user
> attribute that's currently clearly associated with the certificates.
> Thanks as ever,
>
> David
>
> On Thu, 11 Mar 2021, 13:08 Ludovic Zammit, <lzam...@inverse.ca> wrote:
>
>> Hello David,
>>
>> Are you doing 802.1x or MAC authentication?
>>
>> Thanks,
>>
>>
>> Ludovic Zammit
>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>> On Mar 11, 2021, at 7:44 AM, David Harvey <da...@thoughtmachine.net>
>> wrote:
>>
>> Thanks Ludovic,
>>
>> I've been having some difficulty on the bulk import of users to ensure
>> they're created, but that's another problem for another thread ;)
>> For existing users if I import using the `./pfcmd import nodes` method I
>> still have to pick between them using a default role value, or specifying
>> it in the csv directly.
>> ```
>> [default-role=<role>] is the default role when none is defined via the import file.
>>         When none is specified, it defaults to node_import.category in pf.conf
>> ```
>>
>> Is there a way to ensure that an updated node keeps its current role or
>> recalculates against the owner?
>>
>> Thanks again for your help,
>> David
>>
>> On Mon, Mar 8, 2021 at 8:02 PM Ludovic Zammit <lzam...@inverse.ca> wrote:
>>
>>> Hello David,
>>>
>>> Make sure all those users are already created before the import or use
>>> “default”.
>>>
>>> Thanks,
>>>
>>>
>>> Ludovic Zammit
>>>
>>> On Feb 26, 2021, at 12:31 PM, David Harvey via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
>>> Experimenting on the same topic I have also found inconsistent behaviour
>>> with "./pfcmd import nodes /tmp/testimport.csv columns=mac,pid,category"
>>>
>>> 00:54:E8:61:32:00,auser,developer
>>> 00:F0:5D:18:93:00,anotheruser,developer
>>> 00:9a:4c:51:b7:00,andanotherone,developer
>>> 00:d8:00:e8:a5:00,opsuser,ops
>>>
>>> It seems to only set the role (category) every second run if they're all
>>> the same role, on alternate runs it unsets role altogether for the nodes.
>>> If I attempt a mix of roles it seems to set one role type and unsets the
>>> other!
>>> I hope that I can avoid setting the role here altogether given my
>>> initial query on using the existing source and mechanisms, but thought it
>>> worth mentioning.
>>>
>>> pf 10.2.0 On Debian 9.13
>>> Thanks,
>>> David
>>>
>>> On Fri, Feb 26, 2021 at 2:59 PM David Harvey <da...@thoughtmachine.net>
>>> wrote:
>>>
>>>> Dear Packetfence users,
>>>>
>>>> I'm looking for advice on updating my node owners whilst preserving or
>>>> recalculating roles.
>>>> With many new users working from home, their nodes have been registered
>>>> as a default owner, with the role being manually set. Although I have a
>>>> configured LDAP source which applies roles correctly to portal users, the
>>>> users haven't been present to login through the portal.
>>>>
>>>> I'm looking to update the ownership with asset data that maps MAC to
>>>> user using /pfcmd import nodes, but to do so requires the roles to be
>>>> available on the csv file, or otherwise to set a default value.
>>>>
>>>> Is there a way to recalculate the role for a node from its owner
>>>> information using an existing LDAP  authentication source? Sadly I don't
>>>> think I can use "dot1x recompute role from portal" as my certs are
>>>> machine certs and don't have the owner/pid present. I've been struggling to
>>>> find info on the "MAC auth computer role from portal" option.
>>>>
>>>> Thanks in advance,
>>>>
>>>> David
>>>>
>>>>
>>>> --
>>>> Data Classification: Public
>>
>> Thought Machine Group a limited company registered in England & Wales.
>> Registered number: 11114277.
>> Registered Office: 5 New Street Square, London EC4A 3TW.
>>
>> The content of this email is confidential and intended for the recipient
>> specified in message only. It is strictly forbidden to share any part of
>> this message with any third party, without a written consent of the sender.
>> If you received this message by mistake, please reply to this message and
>> follow with its deletion, so that we can ensure such a mistake does not
>> occur in the future.

-- 
David Harvey
Director of Internal Technology, Thought Machine

Data Classification: Public

*Web*: www.thoughtmachine.net

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
