Re: [PacketFence-users] Couple questions about RADIUS Filters

2017-10-06 Thread Durand fabrice via PacketFence-users 

Hello Robert,

it looks correct.

To add debug, you can do that:

Add that in the code : 
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L315


use Data::Dumper;

$logger->warn(Dumper $args);

then restart httpd.aaa


Regards

Fabrice



Le 2017-10-06 à 16:59, Robert Meany via PacketFence-users a écrit :

We have a Tellabs PON which is unsupported by packetfence, but I have
had luck in sending the correct RADIUS auth responses for MAB VLAN
assignment.  I'm trying to write a custom filter to send the
registration VLAN for a "user" that is unregistered but am not having
luck with it ... Here's what the code looks like...

[isPON]
filter = radius_request.NAS-Identifier
operator = is
value = NHS-OLT1

[userNotRegistered]
filter = node_info.status
operator = is
value = unreg

[PON_unreg:isPON]
merge_answer = yes
answer1 = Filter-ID => TLAB:PROFILE-SVC=306-Registration-Untagged

[isPON] works correctly but [userNotRegistered] is not seeing
node_info.status as 'unreg' (and the device is definitely
unregistered)

Can anyone help me with this?

Also - is there any way I can debug and see what the current values of
the variables available to the filter configuration are?
-
Robert Meany
Information Technology Dept.
Naugatuck Public Schools
475-212-3225 (BoE ext 1063)

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence working with WLC 8.3.122

2017-10-06 Thread Durand fabrice via PacketFence-users 

Hello,

can you try to set the redirect url in http instead of https ?

Regards
Fabrice

Le 2017-10-06 à 16:02, bott via PacketFence-users a écrit :

Hello,

We have had packetfence working on older versions and are looking 
upgrade our WLC and Packetfence install.



From a fresh install only using "web-auth" and following the provided 
guide on the website for the WLC controller it looks as if everything 
is fine. I see the client connect, the ACL is sent and in the client 
information as well as the redirect URL.


However a few things happen:
1. The user does not get redirected when attempting to browse. (IE: 
input google.com in browser and nothing happens but a timeout - no 
redirect)
2. I can access the URL directly that is listed in the "Redirect URL" 
on the WLC.


The interface is different from version 6 so I'm not sure if I'm 
missing something. I've provided screenshots here to show that it 
looks fine:

https://imgur.com/a/KGjRx

I'm not sure why its not forcing a redirect when trying to browse, any 
help would be appreciated.




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal allow only selected usernames

2017-10-06 Thread Durand fabrice via PacketFence-users 

It's in the source where you have to define the rules.

Also you can use a regexp in the rule to match what you need.

Last thing , keep in mind that there is an order in the rule, so the 
first match win and the last one can match by default.



Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit :


Thank you for response.

Where exactly do i have to make these rules?

Sources? Portal Profiles? Vlan filters?

One more question. Does there a way to add to advanced rule to match 
i.e. company field defined in users field?


If this field not match don’t allow?

Tomasz Karczewski

Administrator Sieci

olman

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

*From:*Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]

*Sent:* Thursday, October 5, 2017 8:12 PM
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Fabrice Durand 
*Subject:* Re: [PacketFence-users] Captive Portal allow only selected 
usernames


Hello Tomasz,

create a rule for each users and at the end add a catch_all with the 
reject role.


Regards

Fabrice

Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit :

Hi,

I'm trying to allow only selected users to wifi with specific ssid and

connection-type.

For example i have ssid "specificusers" connection type wireless-noeap.

I want to allow only selected usernames to allow and register device with

specific role i.e. "specificusers"

us...@domain.com   us...@domain.com 
  us...@domain.com   and not allow 
any other

usernames.

Did anyone do this?

Tnx for answers

Tomasz Karczewski





--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org!http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net


https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca   ::  +1.514.447.4918 (x135) 
::www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Couple questions about RADIUS Filters

2017-10-06 Thread Robert Meany via PacketFence-users 
We have a Tellabs PON which is unsupported by packetfence, but I have
had luck in sending the correct RADIUS auth responses for MAB VLAN
assignment.  I'm trying to write a custom filter to send the
registration VLAN for a "user" that is unregistered but am not having
luck with it ... Here's what the code looks like...

[isPON]
filter = radius_request.NAS-Identifier
operator = is
value = NHS-OLT1

[userNotRegistered]
filter = node_info.status
operator = is
value = unreg

[PON_unreg:isPON]
merge_answer = yes
answer1 = Filter-ID => TLAB:PROFILE-SVC=306-Registration-Untagged

[isPON] works correctly but [userNotRegistered] is not seeing
node_info.status as 'unreg' (and the device is definitely
unregistered)

Can anyone help me with this?

Also - is there any way I can debug and see what the current values of
the variables available to the filter configuration are?
-
Robert Meany
Information Technology Dept.
Naugatuck Public Schools
475-212-3225 (BoE ext 1063)

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence working with WLC 8.3.122

2017-10-06 Thread bott via PacketFence-users 

Hello,

We have had packetfence working on older versions and are looking 
upgrade our WLC and Packetfence install.



From a fresh install only using "web-auth" and following the provided 
guide on the website for the WLC controller it looks as if everything is 
fine. I see the client connect, the ACL is sent and in the client 
information as well as the redirect URL.


However a few things happen:
1. The user does not get redirected when attempting to browse. (IE: 
input google.com in browser and nothing happens but a timeout - no redirect)
2. I can access the URL directly that is listed in the "Redirect URL" on 
the WLC.


The interface is different from version 6 so I'm not sure if I'm missing 
something. I've provided screenshots here to show that it looks fine:

https://imgur.com/a/KGjRx

I'm not sure why its not forcing a redirect when trying to browse, any 
help would be appreciated.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal allow only selected usernames

2017-10-06 Thread Tomasz Karczewski via PacketFence-users 
Thank you for response.

Where exactly do i have to make these rules?

Sources? Portal Profiles? Vlan filters?

One more question. Does there a way to add to advanced rule to match i.e. 
company field defined in users field?

If this field not match don’t allow?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, October 5, 2017 8:12 PM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand 
Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames

 

Hello Tomasz,

create a rule for each users and at the end add a catch_all with the reject 
role.

Regards

Fabrice

 

 

Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit :

Hi,
 
I'm trying to allow only selected users to wifi with specific ssid and 
connection-type.
For example i have ssid "specificusers" connection type wireless-noeap.
I want to allow only selected usernames to allow and register device with 
specific role i.e. "specificusers"
us...@domain.com   us...@domain.com 
  us...@domain.com   and not 
allow any other 
usernames.
Did anyone do this?
 
Tnx for answers
Tomasz Karczewski






--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
 
https://lists.sourceforge.net/lists/listinfo/packetfence-users





-- 
Fabrice Durand
fdur...@inverse.ca   ::  +1.514.447.4918 (x135) ::  
www.inverse.ca  
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users