Re: [PacketFence-users] Switch CLI Access
Hello Tobias,
thanks for testing it.
Btw i have update the PacketFence code to take care of that for the next
release.
Regards
Fabrice
Le 2018-06-11 à 08:28, Meiser Tobias a écrit :
Hi Fabrice,
your solution works well. Thanks for your answer.
Regards
Tobias
*Von:*Fabrice Durand via PacketFence-users
*Gesendet:* Freitag, 8. Juni 2018 14:44
*An:* packetfence-users@lists.sourceforge.net
*Cc:* Fabrice Durand
*Betreff:* Re: [PacketFence-users] Switch CLI Access
Hello Tobias,
bte we don't have all the switches supported in PacketFence to be able
to test if the CLI access is wroking.
But if you tell me that the generic switch works with CLI access then
you can try to add that in the H3C.pm file:
=item returnAuthorizeWrite
Return a generic accept without any attributes for this module
=cut
sub returnAuthorizeWrite {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Reply-Message'} = "Switch enable access
granted by PacketFence";
$logger->info("User $args->{'user_name'} logged in
$args->{'switch'}{'_id'} with write access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeWrite', $args);
($radius_reply_ref, $status) =
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}
=item returnAuthorizeRead
Return a generic accept without any attributes for this module
=cut
sub returnAuthorizeRead {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Reply-Message'} = "Switch read access granted
by PacketFence";
$logger->info("User $args->{'user_name'} logged in
$args->{'switch'}{'_id'} with read access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeRead', $args);
($radius_reply_ref, $status) =
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}
Regards
Fabrice
Le 2018-06-07 à 07:03, Meiser Tobias via PacketFence-users a écrit :
Hello Fabrice,
we are using H3C::S5120 as Switch Type. When I try to logon via
CLI the Radius replies: Module-Failure-Message = "rest:
{\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence
does not support this switch for read/write access login\"}
When I change switch type to „Generic“ the switch login works as
expected. Is there a list of switches which are supported for cli
access ?
Best Regards
Tobias
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Switch CLI Access
Hi Fabrice,
your solution works well. Thanks for your answer.
Regards
Tobias
Von: Fabrice Durand via PacketFence-users
Gesendet: Freitag, 8. Juni 2018 14:44
An: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Betreff: Re: [PacketFence-users] Switch CLI Access
Hello Tobias,
bte we don't have all the switches supported in PacketFence to be able to test
if the CLI access is wroking.
But if you tell me that the generic switch works with CLI access then you can
try to add that in the H3C.pm file:
=item returnAuthorizeWrite
Return a generic accept without any attributes for this module
=cut
sub returnAuthorizeWrite {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by
PacketFence";
$logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'}
with write access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeWrite', $args);
($radius_reply_ref, $status) =
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}
=item returnAuthorizeRead
Return a generic accept without any attributes for this module
=cut
sub returnAuthorizeRead {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Reply-Message'} = "Switch read access granted by
PacketFence";
$logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'}
with read access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeRead', $args);
($radius_reply_ref, $status) =
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}
Regards
Fabrice
Le 2018-06-07 à 07:03, Meiser Tobias via PacketFence-users a écrit :
Hello Fabrice,
we are using H3C::S5120 as Switch Type. When I try to logon via CLI the Radius
replies: Module-Failure-Message = "rest:
{\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence
does not support this switch for read/write access login\"}
When I change switch type to "Generic" the switch login works as expected. Is
there a list of switches which are supported for cli access ?
Best Regards
Tobias
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Switch CLI Access
Hello Tobias,
bte we don't have all the switches supported in PacketFence to be able
to test if the CLI access is wroking.
But if you tell me that the generic switch works with CLI access then
you can try to add that in the H3C.pm file:
=item returnAuthorizeWrite
Return a generic accept without any attributes for this module
=cut
sub returnAuthorizeWrite {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Reply-Message'} = "Switch enable access
granted by PacketFence";
$logger->info("User $args->{'user_name'} logged in
$args->{'switch'}{'_id'} with write access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeWrite', $args);
($radius_reply_ref, $status) =
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}
=item returnAuthorizeRead
Return a generic accept without any attributes for this module
=cut
sub returnAuthorizeRead {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Reply-Message'} = "Switch read access granted
by PacketFence";
$logger->info("User $args->{'user_name'} logged in
$args->{'switch'}{'_id'} with read access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeRead', $args);
($radius_reply_ref, $status) =
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}
Regards
Fabrice
Le 2018-06-07 à 07:03, Meiser Tobias via PacketFence-users a écrit :
Hello Fabrice,
we are using H3C::S5120 as Switch Type. When I try to logon via CLI
the Radius replies: Module-Failure-Message = "rest:
{\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence
does not support this switch for read/write access login\"}
When I change switch type to „Generic“ the switch login works as
expected. Is there a list of switches which are supported for cli access ?
Best Regards
Tobias
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Switch CLI Access
Hello Fabrice,
we are using H3C::S5120 as Switch Type. When I try to logon via CLI the Radius
replies: Module-Failure-Message = "rest:
{\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"PacketFence
does not support this switch for read/write access login\"}
When I change switch type to "Generic" the switch login works as expected. Is
there a list of switches which are supported for cli access ?
Best Regards
Tobias
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
