Re: [PacketFence-users] Captive Portal allow only selected usernames
Hello Tomasz, you can try to validate your rules with pftest. Also can you try to esacpe @ like : condition0=username,starts,testuser\@ Regards Fabrice Le 2017-10-09 à 05:33, Tomasz Karczewski via PacketFence-users a écrit : > > Hi Fabrice, > > > > I’ve made source as you said. I have radius source with rules below > > > > [RADIUS rule ALLOW] > > description=Allow > > class=authentication > > match=any > > action0=set_role=guest > > action1=set_access_duration=1D > > condition0=username,starts,testuser@ > > > > [RADIUS rule REJECT] > > description=Reject all > > class=authentication > > match=all > > action0=set_role=REJECT > > action1=set_access_duration=1h > > > > It should allow only username starts with „testuser” but REJECT rule > seems no to work. > > Still registering other users. Maibe i missed something? > > > > Tomasz Karczewski > > Administrator Sieci > > > > olman > > > > tkarczew...@man.olsztyn.pl > > http://www.man.olsztyn.pl http://www.uwm.edu.pl > > tel. (89) 523 45 55 fax. (89) 523 43 47 > > > > Ośrodek Eksploatacji i Zarządzania > > Miejską Siecią Komputerową OLMAN w Olsztynie > > Uniwersytet Warmińsko-Mazurski w Olsztynie > > > > *From:*Durand fabrice via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > *Sent:* Friday, October 6, 2017 11:52 PM > *To:* packetfence-users@lists.sourceforge.net > *Cc:* Durand fabrice <fdur...@inverse.ca> > *Subject:* Re: [PacketFence-users] Captive Portal allow only selected > usernames > > > > It's in the source where you have to define the rules. > > Also you can use a regexp in the rule to match what you need. > > Last thing , keep in mind that there is an order in the rule, so the > first match win and the last one can match by default. > > > > Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit : > > Thank you for response. > > Where exactly do i have to make these rules? > > Sources? Portal Profiles? Vlan filters? > > One more question. Does there a way to add to advanced rule to > match i.e. company field defined in users field? > > If this field not match don’t allow? > > > > Tomasz Karczewski > > Administrator Sieci > > > > olman > > > > tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> > > http://www.man.olsztyn.pl http://www.uwm.edu.pl > > tel. (89) 523 45 55 fax. (89) 523 43 47 > > > > Ośrodek Eksploatacji i Zarządzania > > Miejską Siecią Komputerową OLMAN w Olsztynie > > Uniwersytet Warmińsko-Mazurski w Olsztynie > > > > *From:*Fabrice Durand via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > *Sent:* Thursday, October 5, 2017 8:12 PM > *To:* packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > *Cc:* Fabrice Durand <fdur...@inverse.ca> <mailto:fdur...@inverse.ca> > *Subject:* Re: [PacketFence-users] Captive Portal allow only > selected usernames > > > > Hello Tomasz, > > create a rule for each users and at the end add a catch_all with > the reject role. > > Regards > > Fabrice > > > > > > Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a > écrit : > > Hi, > > > > I'm trying to allow only selected users to wifi with specific ssid > and > > connection-type. > > For example i have ssid "specificusers" connection type > wireless-noeap. > > I want to allow only selected usernames to allow and register device > with > > specific role i.e. "specificusers" > > us...@domain.com <mailto:us...@domain.com> us...@domain.com > <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> and not > allow any other > > usernames. > > Did anyone do this? > > > > Tnx for answers > > Tomasz Karczewski > > > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > > > ___ > >
Re: [PacketFence-users] Captive Portal allow only selected usernames
Just a little example here: https://packetfence.org/doc/PacketFence_Administration_Guide.html#_connection_profiles Le 2017-10-09 à 02:40, Tomasz Karczewski via PacketFence-users a écrit : > > Thank you Fabrice. > > One more question. Where can i find values or examples of captive > portal advanced filters? > > > > Tomasz Karczewski > > Administrator Sieci > > > > olman > > > > tkarczew...@man.olsztyn.pl > > http://www.man.olsztyn.pl http://www.uwm.edu.pl > > tel. (89) 523 45 55 fax. (89) 523 43 47 > > > > Ośrodek Eksploatacji i Zarządzania > > Miejską Siecią Komputerową OLMAN w Olsztynie > > Uniwersytet Warmińsko-Mazurski w Olsztynie > > > > *From:*Durand fabrice via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > *Sent:* Friday, October 6, 2017 11:52 PM > *To:* packetfence-users@lists.sourceforge.net > *Cc:* Durand fabrice <fdur...@inverse.ca> > *Subject:* Re: [PacketFence-users] Captive Portal allow only selected > usernames > > > > It's in the source where you have to define the rules. > > Also you can use a regexp in the rule to match what you need. > > Last thing , keep in mind that there is an order in the rule, so the > first match win and the last one can match by default. > > > > Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit : > > Thank you for response. > > Where exactly do i have to make these rules? > > Sources? Portal Profiles? Vlan filters? > > One more question. Does there a way to add to advanced rule to > match i.e. company field defined in users field? > > If this field not match don’t allow? > > > > Tomasz Karczewski > > Administrator Sieci > > > > olman > > > > tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> > > http://www.man.olsztyn.pl http://www.uwm.edu.pl > > tel. (89) 523 45 55 fax. (89) 523 43 47 > > > > Ośrodek Eksploatacji i Zarządzania > > Miejską Siecią Komputerową OLMAN w Olsztynie > > Uniwersytet Warmińsko-Mazurski w Olsztynie > > > > *From:*Fabrice Durand via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > *Sent:* Thursday, October 5, 2017 8:12 PM > *To:* packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > *Cc:* Fabrice Durand <fdur...@inverse.ca> <mailto:fdur...@inverse.ca> > *Subject:* Re: [PacketFence-users] Captive Portal allow only > selected usernames > > > > Hello Tomasz, > > create a rule for each users and at the end add a catch_all with > the reject role. > > Regards > > Fabrice > > > > > > Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a > écrit : > > Hi, > > > > I'm trying to allow only selected users to wifi with specific ssid > and > > connection-type. > > For example i have ssid "specificusers" connection type > wireless-noeap. > > I want to allow only selected usernames to allow and register device > with > > specific role i.e. "specificusers" > > us...@domain.com <mailto:us...@domain.com> us...@domain.com > <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> and not > allow any other > > usernames. > > Did anyone do this? > > > > Tnx for answers > > Tomasz Karczewski > > > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > > > ___ > > PacketFence-users mailing list > > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > -- > > Fabrice Durand > > fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) > :: www.inverse.ca <http://www.inverse.ca> > > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > --
Re: [PacketFence-users] Captive Portal allow only selected usernames
Thank you Fabrice. One more question. Where can i find values or examples of captive portal advanced filters? Tomasz Karczewski Administrator Sieci tkarczew...@man.olsztyn.pl http://www.man.olsztyn.pl http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47 Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie From: Durand fabrice via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Friday, October 6, 2017 11:52 PM To: packetfence-users@lists.sourceforge.net Cc: Durand fabrice <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames It's in the source where you have to define the rules. Also you can use a regexp in the rule to match what you need. Last thing , keep in mind that there is an order in the rule, so the first match win and the last one can match by default. Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit : Thank you for response. Where exactly do i have to make these rules? Sources? Portal Profiles? Vlan filters? One more question. Does there a way to add to advanced rule to match i.e. company field defined in users field? If this field not match don’t allow? Tomasz Karczewski Administrator Sieci tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> http://www.man.olsztyn.pl http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47 Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Thursday, October 5, 2017 8:12 PM To: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Cc: Fabrice Durand <mailto:fdur...@inverse.ca> <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames Hello Tomasz, create a rule for each users and at the end add a catch_all with the reject role. Regards Fabrice Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit : Hi, I'm trying to allow only selected users to wifi with specific ssid and connection-type. For example i have ssid "specificusers" connection type wireless-noeap. I want to allow only selected usernames to allow and register device with specific role i.e. "specificusers" us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> and not allow any other usernames. Did anyone do this? Tnx for answers Tomasz Karczewski -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users smime.p7s Description: S/MIME cryptographic signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Captive Portal allow only selected usernames
Hi Fabrice, I’ve made source as you said. I have radius source with rules below [RADIUS rule ALLOW] description=Allow class=authentication match=any action0=set_role=guest action1=set_access_duration=1D condition0=username,starts,testuser@ [RADIUS rule REJECT] description=Reject all class=authentication match=all action0=set_role=REJECT action1=set_access_duration=1h It should allow only username starts with „testuser” but REJECT rule seems no to work. Still registering other users. Maibe i missed something? Tomasz Karczewski Administrator Sieci tkarczew...@man.olsztyn.pl http://www.man.olsztyn.pl http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47 Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie From: Durand fabrice via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Friday, October 6, 2017 11:52 PM To: packetfence-users@lists.sourceforge.net Cc: Durand fabrice <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames It's in the source where you have to define the rules. Also you can use a regexp in the rule to match what you need. Last thing , keep in mind that there is an order in the rule, so the first match win and the last one can match by default. Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit : Thank you for response. Where exactly do i have to make these rules? Sources? Portal Profiles? Vlan filters? One more question. Does there a way to add to advanced rule to match i.e. company field defined in users field? If this field not match don’t allow? Tomasz Karczewski Administrator Sieci tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> http://www.man.olsztyn.pl http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47 Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Thursday, October 5, 2017 8:12 PM To: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Cc: Fabrice Durand <mailto:fdur...@inverse.ca> <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames Hello Tomasz, create a rule for each users and at the end add a catch_all with the reject role. Regards Fabrice Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit : Hi, I'm trying to allow only selected users to wifi with specific ssid and connection-type. For example i have ssid "specificusers" connection type wireless-noeap. I want to allow only selected usernames to allow and register device with specific role i.e. "specificusers" us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> and not allow any other usernames. Did anyone do this? Tnx for answers Tomasz Karczewski -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users smime.p7s Description: S/MIME cryptographic signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Captive Portal allow only selected usernames
It's in the source where you have to define the rules. Also you can use a regexp in the rule to match what you need. Last thing , keep in mind that there is an order in the rule, so the first match win and the last one can match by default. Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit : Thank you for response. Where exactly do i have to make these rules? Sources? Portal Profiles? Vlan filters? One more question. Does there a way to add to advanced rule to match i.e. company field defined in users field? If this field not match don’t allow? Tomasz Karczewski Administrator Sieci olman tkarczew...@man.olsztyn.pl http://www.man.olsztyn.pl http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47 Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie *From:*Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] *Sent:* Thursday, October 5, 2017 8:12 PM *To:* packetfence-users@lists.sourceforge.net *Cc:* Fabrice Durand <fdur...@inverse.ca> *Subject:* Re: [PacketFence-users] Captive Portal allow only selected usernames Hello Tomasz, create a rule for each users and at the end add a catch_all with the reject role. Regards Fabrice Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit : Hi, I'm trying to allow only selected users to wifi with specific ssid and connection-type. For example i have ssid "specificusers" connection type wireless-noeap. I want to allow only selected usernames to allow and register device with specific role i.e. "specificusers" us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> and not allow any other usernames. Did anyone do this? Tnx for answers Tomasz Karczewski -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org!http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Captive Portal allow only selected usernames
Thank you for response. Where exactly do i have to make these rules? Sources? Portal Profiles? Vlan filters? One more question. Does there a way to add to advanced rule to match i.e. company field defined in users field? If this field not match don’t allow? Tomasz Karczewski Administrator Sieci tkarczew...@man.olsztyn.pl http://www.man.olsztyn.pl http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47 Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Thursday, October 5, 2017 8:12 PM To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames Hello Tomasz, create a rule for each users and at the end add a catch_all with the reject role. Regards Fabrice Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit : Hi, I'm trying to allow only selected users to wifi with specific ssid and connection-type. For example i have ssid "specificusers" connection type wireless-noeap. I want to allow only selected usernames to allow and register device with specific role i.e. "specificusers" us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> us...@domain.com <mailto:us...@domain.com> and not allow any other usernames. Did anyone do this? Tnx for answers Tomasz Karczewski -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) smime.p7s Description: S/MIME cryptographic signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Captive Portal allow only selected usernames
Hello Tomasz, create a rule for each users and at the end add a catch_all with the reject role. Regards Fabrice Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit : > Hi, > > I'm trying to allow only selected users to wifi with specific ssid and > connection-type. > For example i have ssid "specificusers" connection type wireless-noeap. > I want to allow only selected usernames to allow and register device with > specific role i.e. "specificusers" > us...@domain.com us...@domain.com us...@domain.com and not allow any other > usernames. > Did anyone do this? > > Tnx for answers > Tomasz Karczewski > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Captive Portal allow only selected usernames
Hi, I'm trying to allow only selected users to wifi with specific ssid and connection-type. For example i have ssid "specificusers" connection type wireless-noeap. I want to allow only selected usernames to allow and register device with specific role i.e. "specificusers" us...@domain.com us...@domain.com us...@domain.com and not allow any other usernames. Did anyone do this? Tnx for answers Tomasz Karczewski smime.p7s Description: S/MIME cryptographic signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users