In fact it's a little bit more complicated since you do autoregistration. What you can do is to trigger the security event with action isolate. Then create a vlan filter that disables the autoregistration if the security event is open for this device.
Then the first request will be rejected (security event triggered) and once the device reconnects it will go in the isolation vlan.

Vlan filter:

[Disable_Auto_reg]
description=Disable Auto Reg on security event
run_actions=enabled
status=enabled
condition=security_event.id == "3000009"
top_op=and
scopes=AutoRegister
role=REJECT

Security event:

[3000009]
trigger=internal::is_max_reg_nodes_reached
desc=Max node
access_duration=12h
actions=reevaluate_access
window=dynamic
enabled=Y

On Mon, 13 Sept 2021 at 13:04, Arun Kangle <akan...@gmail.com> wrote:

> Hi Fabrice,
> I did quick testing, it's not triggering. I am using V 11.0, upgraded
> from 10.3.9
> 1) while creating the security event, GUI shows the error (attached
> screenshot) but event is created successfully
> 2) event is not getting triggered, so no further actions (like
> assign isolation role and not getting redirected to web-page)
>
> security_event.conf
> more security_events.conf
> [3000007]
> desc=Private MAC Address detection
> actions=log,reevaluate_access
> enabled=Y
> whitelisted_roles=default,v-guest,r-guest,registration
>
> [3000008]
> access_duration=12h
> enabled=Y
> template=banned_os
> trigger=internal::is_max_reg_nodes_reached
> desc=Max nodes reached
> actions=reevaluate_access
> # Copyright (C) Inverse inc.
>
> Logs:
>
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] handling radius autz request: from switch_ip => (192.168.2.27), connection_type => Wireless-802.11-EAP,switch_mac => (00:4e:35:cc:8d:ee), mac => [38:ba:f8:de:a7:10], port => 0, username => "hodtest", ssid => aolicnet (pf::radius::authorize)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] Instantiate profile dot1x-eap (pf::Connection::ProfileFactory::_from_profile)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] Found authentication source(s) : 'set-group-based-role' for realm 'null' (pf::config::util::filter_authentication_sources)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] Using sources set-group-based-role for matching (pf::authentication::match2)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) WARN: [mac:38:ba:f8:de:a7:10] [set-group-based-role set-role-Bypassed] Searching for (&(sAMAccountName=hodtest)(memberOf=CN=Bypassed,OU=AOL-Group,DC=AOLIC,DC=NET)), from DC=AOLIC,DC=NET, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) WARN: [mac:38:ba:f8:de:a7:10] [set-group-based-role set-role-HOD] Searching for (&(sAMAccountName=hodtest)(memberOf=CN=HOD,OU=AOL-Group,DC=AOLIC,DC=NET)), from DC=AOLIC,DC=NET, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] Matched rule (set-role-HOD) in source set-group-based-role, returning actions. (pf::Authentication::Source::match_rule)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] Matched rule (set-role-HOD) in source set-group-based-role, returning actions. (pf::Authentication::Source::match)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] per-role max nodes per-user limit reached: 1 are already registered to pid hodtest for role HOD (pf::node::is_max_reg_nodes_reached)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) WARN: [mac:38:ba:f8:de:a7:10] Unable to pull accounting history for device 38:ba:f8:de:a7:10. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) INFO: [mac:38:ba:f8:de:a7:10] security_event 3000008 (trigger internal::is_max_reg_nodes_reached) already exists for 38:ba:f8:de:a7:10, not adding again (pf::security_event::security_event_trigger)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) ERROR: [mac:38:ba:f8:de:a7:10] max nodes per pid met or exceeded - registration of 38:ba:f8:de:a7:10 to hodtest failed (pf::registration::setup_node_for_registration)
> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029) ERROR: [mac:38:ba:f8:de:a7:10] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>
>
> On Mon, Sep 13, 2021 at 1:33 PM Arun Kangle <akan...@gmail.com> wrote:
>
>> Thanks a lot for your help Fabrice. I patched my server. Will do some
>> testing and let you know.
>>
>> Regards,
>> - Arun
>>
>> On Mon, Sep 13, 2021 at 5:56 AM Fabrice Durand <oeufd...@gmail.com> wrote:
>>
>>> Hello Arun,
>>>
>>> try that.
>>> cd /usr/local/pf
>>> patch -p1 --dry-run < max_node.diff
>>> if there is no error:
>>> patch -p1 < max_node.diff
>>>
>>> Then restart packetfence.
>>>
>>> Regards
>>> Fabrice
>>>
>>> On Sat, 11 Sept 2021 at 10:40, Arun Kangle <akan...@gmail.com> wrote:
>>>
>>>> Hi Fabrice,
>>>> Thanks for your reply. I will need help on this.
>>>>
>>>> Thanks again,
>>>> - Arun
>>>>
>>>> On Sat, Sep 11, 2021 at 7:25 AM Fabrice Durand <oeufd...@gmail.com> wrote:
>>>>
>>>>> Hello Arun,
>>>>>
>>>>> there is no security event that triggers that, but it's not something
>>>>> really complicated to add in packetfence.
>>>>>
>>>>> If you look at is_max_reg_nodes_reached in node.pm, you can trigger a
>>>>> security event from there.
>>>>>
>>>>> Let me know if you need help on that, it won't take me so much time to
>>>>> code it.
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>>
>>>>> On Wed, 25 Aug 2021 at 05:54, Arun Kangle via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>
>>>>>> Hello All,
>>>>>> I went through the install guide and this list but I did not find
>>>>>> information on how to configure a custom security event.
>>>>>> Basically I wanted to trigger a custom security event when "max
>>>>>> nodes per pid met or exceeded" and move the node to the isolation vlan so
>>>>>> that the user can deregister one of the nodes to proceed.
>>>>>>
>>>>>> Thanks in advance,
>>>>>> - Arun
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>
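As an added illustration of how the two pieces Fabrice describes (the security event bound to internal::is_max_reg_nodes_reached, and the AutoRegister-scope vlan filter returning REJECT while that event is open) interact over two connection attempts, here is a small Python model. It is not PacketFence's own code and is not part of the thread; it parses the two config fragments posted above with configparser and replays a second device of pid hodtest connecting twice. The processing order (AutoRegister filter first, then auto-registration with the max-node check, then the role derived from open security events), the per-role limit of 1, the role name "isolation", and the constructed MAC addresses are assumptions; the condition evaluator only understands the key == "value" terms used in the posted filter.

```python
"""Model of the thread's max-node security event + AutoRegister vlan filter.
Added illustration, not PacketFence code; ordering, role name and limit are
assumed (see the lead-in)."""
import configparser
import re

# Constructed config fragments mirroring the ones posted in the thread.
VLAN_FILTERS_CONF = """
[Disable_Auto_reg]
description=Disable Auto Reg on security event
run_actions=enabled
status=enabled
condition=security_event.id == "3000009"
top_op=and
scopes=AutoRegister
role=REJECT
"""
SECURITY_EVENTS_CONF = """
[3000009]
trigger=internal::is_max_reg_nodes_reached
desc=Max node
access_duration=12h
actions=reevaluate_access
window=dynamic
enabled=Y
"""
MAX_NODES_PER_PID = 1         # assumed per-role limit (log: "1 are already registered")
ISOLATION_ROLE = "isolation"  # assumed name of the isolation role
_TERM_RE = re.compile(r'^\s*(?P<key>[\w.]+)\s*==\s*"(?P<val>[^"]*)"\s*$')

def load_conf(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def eval_condition(condition, top_op, ctx):
    """Evaluate `key == "value"` terms joined by top_op ("and"/"or") against ctx,
    where ctx maps a dotted key to the set of values it currently has."""
    results = []
    for term in re.split(r"\s+%s\s+" % re.escape(top_op), condition):
        m = _TERM_RE.match(term)
        if not m:
            raise ValueError("unsupported condition term: %r" % term)
        results.append(m.group("val") in ctx.get(m.group("key"), set()))
    return all(results) if top_op == "and" else any(results)

def filter_role(filters, scope, ctx):
    """Role of the first enabled filter whose scopes include `scope` and whose
    condition matches ctx; None when no filter applies."""
    for name in filters.sections():
        f = filters[name]
        scopes = [s.strip() for s in f.get("scopes", "").split(",")]
        if (f.get("status") == "enabled" and scope in scopes
                and eval_condition(f["condition"], f.get("top_op", "and"), ctx)):
            return f["role"]
    return None

def trigger_events(events, trigger, node):
    """Open every enabled event bound to `trigger`; an id that is already open
    is not added again (cf. "already exists ... not adding again" in the log)."""
    opened = []
    for eid in events.sections():
        e = events[eid]
        if (e.get("enabled") == "Y" and e.get("trigger") == trigger
                and eid not in node["open_events"]):
            node["open_events"].add(eid)
            opened.append(eid)
    return opened

def authorize(node, registered, filters, events):
    """One RADIUS authorization pass for `node`. Returns (decision, role)."""
    ctx = {"security_event.id": set(node["open_events"])}
    if node["mac"] not in registered:
        # AutoRegister scope: a filter returning REJECT skips auto-registration.
        if filter_role(filters, "AutoRegister", ctx) != "REJECT":
            in_use = sum(1 for n in registered.values()
                         if n["pid"] == node["pid"] and n["role"] == node["role"])
            if in_use >= MAX_NODES_PER_PID:
                # is_max_reg_nodes_reached: open the event and fail registration.
                trigger_events(events, "internal::is_max_reg_nodes_reached", node)
                return ("reject", None)
            registered[node["mac"]] = node
    # Role computation: an open security event wins over the node's own role.
    if node["open_events"]:
        return ("accept", ISOLATION_ROLE)
    return ("accept", node["role"])

def run_scenario(use_filter=True):
    """Two consecutive connection attempts by a second device of pid hodtest;
    returns (first decision, second decision, open event ids)."""
    filters = load_conf(VLAN_FILTERS_CONF if use_filter else "")
    events = load_conf(SECURITY_EVENTS_CONF)
    # Constructed state: hodtest already has one node registered in role HOD.
    existing = {"mac": "aa:bb:cc:00:00:01", "pid": "hodtest", "role": "HOD", "open_events": set()}
    registered = {existing["mac"]: existing}
    new = {"mac": "38:ba:f8:de:a7:10", "pid": "hodtest", "role": "HOD", "open_events": set()}
    first = authorize(new, registered, filters, events)
    second = authorize(new, registered, filters, events)
    return first, second, sorted(new["open_events"])

if __name__ == "__main__":
    print("with filter:   ", run_scenario(use_filter=True))
    print("without filter:", run_scenario(use_filter=False))
```

With the filter in place the first attempt is rejected and opens event 3000009, and the second attempt skips auto-registration and lands in the isolation role; without the filter every reconnect re-runs the failing auto-registration and is rejected again, which is the behaviour the filter is there to break.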