Re: [PacketFence-users] Radius Filter - Block Mac Auth for certain roles

Hello Robert, to answer this question, i need the packetfence.log Regards Fabrice Le 21-02-10 à 20 h 19, Robert McNutt a écrit : I actually set this up this way also but the vlan filter still returns a radius accept to the switch even though it’s sending a REJECT. Is there any way for

Re: [PacketFence-users] Radius Filter - Block Mac Auth for certain roles

I actually set this up this way also but the vlan filter still returns a radius accept to the switch even though it’s sending a REJECT. Is there any way for this method to not send the radius accept but instead a radius Reject? On Wed, Feb 10, 2021 at 7:47 PM Durand fabrice via

Re: [PacketFence-users] Radius Filter - Block Mac Auth for certain roles

Hello Robert, it's more a vlan filter that you have to do. [RejectUnauthorizedRoleMAB] run_actions=enabled status=enabled top_op=and description=RejectUnauthorizedRoleMAB scopes=RegisteredRole role=REJECT condition=connection_type == "Ethernet-NoEAP" && !((node_info.category == "gaming" ||

Re: [PacketFence-users] Radius Filter - Block Mac Auth for certain roles

Still struggling with this logic which I think should be simple. We're trying to setup a radius filter to only allow MAB for devices with a specific role... for example IP phones and Printers. We have an issue where Macintoshes and Some PC's just default to MAB and they get access to their

Re: [PacketFence-users] Radius Filter - Block Mac Auth for certain roles

Hello Robert, A fix has been done yesterday regarding the connection type: https://github.com/inverse-inc/packetfence/commit/176c6d6df606cff86a83c9cf93a571c44dd52da0 Apply the maintenance branche and

Re: [PacketFence-users] Radius Filter - Block Mac Auth for certain roles

Hello Robert, can you paste the packetfence.log when the device authenticate and also paste the radius filter. Regards Fabrice Le 20-04-22 à 15 h 58, Robert McNutt via PacketFence-users a écrit : I'm trying to set a radius filter to block mac auth for any devices assigned to roles that

[PacketFence-users] Radius Filter - Block Mac Auth for certain roles

I'm trying to set a radius filter to block mac auth for any devices assigned to roles that should only auth via PEAP or EAP-TLS... For example, if a port has a phone and computer plugged in, the phone will do mac auth but the computer should never get a radius accept for mac auth... whats

Re: [PacketFence-users] Radius Filter

[mailto:packetfence-users@lists.sourceforge.net] Sent: 18 February 2018 18:45 To: packetfence-users@lists.sourceforge.net Cc: Durand fabrice <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Radius Filter Hello John, it can't work with portal preview since the filter use the radius request. I

Re: [PacketFence-users] Radius Filter

@lists.sourceforge.net] Sent: 16 February 2018 03:08 To: John Sayce via PacketFence-users <packetfence-users@lists.sourceforge.net> Cc: Durand fabrice <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Radius Filter You suppose to see in the packetfence.log file if the filter match

Re: [PacketFence-users] Radius Filter

- > From: Fabrice Durand via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > Sent: 06 February 2018 14:06 > To: packetfence-users@lists.sourceforge.net > Cc: Fabrice Durand <fdur...@inverse.ca> > Subject: Re: [PacketFence-users] Radius Filter > >

Re: [PacketFence-users] Radius Filter

2018 14:06 To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Radius Filter Hello John, something like that in the vlan filters should work: [ssid] filter = ssid operator = is value = OPENSSID [role] filter = node_info.ca

Re: [PacketFence-users] Radius Filter

this? John -Original Message- From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: 06 February 2018 14:06 To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Radius Filter Hell

Re: [PacketFence-users] Radius Filter

Hello John, something like that in the vlan filters should work: [ssid] filter = ssid operator = is value = OPENSSID [role] filter = node_info.category operator = match value = SOMEROLE [1:ssid] scope = RegisteredRole role = REJECT Regards Fabrice Le 2018-02-06 à 08:46, John Sayce via

[PacketFence-users] Radius Filter

I'm looking for a little guidance. I've got two SSIDs, one open and one secured. They both use mac auth against packetfence. I don't want the clients that are registered for certain roles to connect to the unsecured SSID. Can I use a radius filter (or possibly a vlan filter) to match the