Re: [PacketFence-users] Switch CLI Access
Hello Tobias, thanks for testing it. Btw i have update the PacketFence code to take care of that for the next release. Regards Fabrice Le 2018-06-11 à 08:28, Meiser Tobias a écrit : Hi Fabrice, your solution works well. Thanks for your answer. Regards Tobias *Von:*Fabrice Durand via PacketFence-users *Gesendet:* Freitag, 8. Juni 2018 14:44 *An:* packetfence-users@lists.sourceforge.net *Cc:* Fabrice Durand *Betreff:* Re: [PacketFence-users] Switch CLI Access Hello Tobias, bte we don't have all the switches supported in PacketFence to be able to test if the CLI access is wroking. But if you tell me that the generic switch works with CLI access then you can try to add that in the H3C.pm file: =item returnAuthorizeWrite Return a generic accept without any attributes for this module =cut sub returnAuthorizeWrite { my ($self, $args) = @_; my $logger = $self->logger; my $radius_reply_ref; my $status; $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence"; $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access"); my $filter = pf::access_filter::radius->new; my $rule = $filter->test('returnAuthorizeWrite', $args); ($radius_reply_ref, $status) = $filter->handleAnswerInRule($rule,$args,$radius_reply_ref); return [$status, %$radius_reply_ref]; } =item returnAuthorizeRead Return a generic accept without any attributes for this module =cut sub returnAuthorizeRead { my ($self, $args) = @_; my $logger = $self->logger; my $radius_reply_ref; my $status; $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence"; $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access"); my $filter = pf::access_filter::radius->new; my $rule = $filter->test('returnAuthorizeRead', $args); ($radius_reply_ref, $status) = $filter->handleAnswerInRule($rule,$args,$radius_reply_ref); return [$status, %$radius_reply_ref]; } Regards Fabrice Le 2018-06-07 à 07:03, Meiser Tobias via PacketFence-users a écrit : Hello Fabrice, we are using H3C::S5120 as Switch Type. When I try to logon via CLI the Radius replies: Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence does not support this switch for read/write access login\"} When I change switch type to „Generic“ the switch login works as expected. Is there a list of switches which are supported for cli access ? Best Regards Tobias -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org!http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Switch CLI Access
Hi Fabrice, your solution works well. Thanks for your answer. Regards Tobias Von: Fabrice Durand via PacketFence-users Gesendet: Freitag, 8. Juni 2018 14:44 An: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand Betreff: Re: [PacketFence-users] Switch CLI Access Hello Tobias, bte we don't have all the switches supported in PacketFence to be able to test if the CLI access is wroking. But if you tell me that the generic switch works with CLI access then you can try to add that in the H3C.pm file: =item returnAuthorizeWrite Return a generic accept without any attributes for this module =cut sub returnAuthorizeWrite { my ($self, $args) = @_; my $logger = $self->logger; my $radius_reply_ref; my $status; $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence"; $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access"); my $filter = pf::access_filter::radius->new; my $rule = $filter->test('returnAuthorizeWrite', $args); ($radius_reply_ref, $status) = $filter->handleAnswerInRule($rule,$args,$radius_reply_ref); return [$status, %$radius_reply_ref]; } =item returnAuthorizeRead Return a generic accept without any attributes for this module =cut sub returnAuthorizeRead { my ($self, $args) = @_; my $logger = $self->logger; my $radius_reply_ref; my $status; $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence"; $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access"); my $filter = pf::access_filter::radius->new; my $rule = $filter->test('returnAuthorizeRead', $args); ($radius_reply_ref, $status) = $filter->handleAnswerInRule($rule,$args,$radius_reply_ref); return [$status, %$radius_reply_ref]; } Regards Fabrice Le 2018-06-07 à 07:03, Meiser Tobias via PacketFence-users a écrit : Hello Fabrice, we are using H3C::S5120 as Switch Type. When I try to logon via CLI the Radius replies: Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence does not support this switch for read/write access login\"} When I change switch type to "Generic" the switch login works as expected. Is there a list of switches which are supported for cli access ? Best Regards Tobias -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Switch CLI Access
Hello Tobias, bte we don't have all the switches supported in PacketFence to be able to test if the CLI access is wroking. But if you tell me that the generic switch works with CLI access then you can try to add that in the H3C.pm file: =item returnAuthorizeWrite Return a generic accept without any attributes for this module =cut sub returnAuthorizeWrite { my ($self, $args) = @_; my $logger = $self->logger; my $radius_reply_ref; my $status; $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence"; $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access"); my $filter = pf::access_filter::radius->new; my $rule = $filter->test('returnAuthorizeWrite', $args); ($radius_reply_ref, $status) = $filter->handleAnswerInRule($rule,$args,$radius_reply_ref); return [$status, %$radius_reply_ref]; } =item returnAuthorizeRead Return a generic accept without any attributes for this module =cut sub returnAuthorizeRead { my ($self, $args) = @_; my $logger = $self->logger; my $radius_reply_ref; my $status; $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence"; $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access"); my $filter = pf::access_filter::radius->new; my $rule = $filter->test('returnAuthorizeRead', $args); ($radius_reply_ref, $status) = $filter->handleAnswerInRule($rule,$args,$radius_reply_ref); return [$status, %$radius_reply_ref]; } Regards Fabrice Le 2018-06-07 à 07:03, Meiser Tobias via PacketFence-users a écrit : Hello Fabrice, we are using H3C::S5120 as Switch Type. When I try to logon via CLI the Radius replies: Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence does not support this switch for read/write access login\"} When I change switch type to „Generic“ the switch login works as expected. Is there a list of switches which are supported for cli access ? Best Regards Tobias -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Switch CLI Access
Hello Fabrice, we are using H3C::S5120 as Switch Type. When I try to logon via CLI the Radius replies: Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence does not support this switch for read/write access login\"} When I change switch type to "Generic" the switch login works as expected. Is there a list of switches which are supported for cli access ? Best Regards Tobias -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users