Re: [PacketFence-users] Administrator RADIUS role

Павел Семенищев via PacketFence-users Fri, 20 Aug 2021 11:38:39 -0700

Hi there
Has anyone configured RBAC for packetfence admins via external RADIUS?
 
 
--
Best Regards,
Pavel
 
  
>Среда, 18 августа 2021, 19:46 +03:00 от Павел Семенищев via PacketFence-users 
><packetfence-users@lists.sourceforge.net>:
> 
>Hi there
> 
>I’ve just installed ZEN-v10.3.0
>I am trying to set up web administrators authorization through an external 
>RADIUS server.
>If I create Authentication Source -> Administration Rules
>without conditions, then the administrator is authorized with the required role
> 
>[NasRadius rule AdminRoleNode]
>action0 = set_access_level = Node Manager
>status = enabled
>match = any
>class = administration
> 
>But I need to assign different roles to different administrators.
>How to add a condition and in which RADIUS attribute should I transfer the 
>role?
> 
>I have tried adding a condition
> 
>[NasRadius rule AdminRoleNode]
>action0 = set_access_level = Node Manager
>condition0 = radius_request.Reply-Message, equals, NodeManager
>status = enabled
>match = any
>class = administration
> 
>External RADIUS returns role in attribute
> 
>        Access-Accept (2), id: 0xa5, Authenticator: 
>63540bff74a2eb318a4ba0b6b8b6c9c6
>          Reply-Message Attribute (18), length: 13, Value: NodeManager
> 
>But PF does not authorize the web administrator.
> 
>--
>Kind regards,
>Pavel Semenischev
>_______________________________________________
>PacketFence-users mailing list
>PacketFence-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Administrator RADIUS role

Reply via email to