Hi all,
I appreciate that there's a lot going on with the last minute patching of new
versions etc, so there's no urgency with this as I'm just playing on a dev
network. I'm currently running 4.0.4-2 on a redhat 6.4 box
I'd like to get roles assigned depending on the username received from the
radius server, hopefully extending this out to separate our local users from
eduroam visitors, but at the moment my radius source doesn't seem to like the
rule I've applied to it and results in no matches:
[packetfence.log]
Aug 13 13:16:05 pf::WebAPI(3884) INFO: autoregister a node that is already
registered, do nothing. (pf::node::node_register)
Aug 13 13:16:05 pf::WebAPI(3884) INFO: Username was NOT defined or unable to
match a role - returning node based role '' (pf::vlan::getNormalVlan)
Aug 13 13:16:05 pf::WebAPI(3884) WARN: No parameter Vlan found in
conf/switches.conf for the switch 1.2.3.4 (pf::SNMP::getVlanByName)
Aug 13 13:16:05 pf::WebAPI(3884) WARN: Resolved VLAN for node is not properly
defined: Replacing with macDetectionVlan (pf::vlan::fetchVlanForNode)
Aug 13 13:16:05 pf::WebAPI(3884) INFO: MAC: 00:24:54:42:86:04, PID: sm12345,
Status: reg. Returned VLAN: 62 (pf::vlan::fetchVlanForNode)
Aug 13 13:16:05 pf::WebAPI(3884) WARN: Role-based Network Access Control is not
supported on network device type pf::SNMP::Cisco::Catalyst_2960.
(pf::SNMP::supportsRoleBasedEnforcement)
Aug 13 13:16:09 pf::WebAPI(3885) INFO: handling radius autz request: from
switch_ip => 1.2.3.4, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04,
port => 50001, username => sm12345 (pf::radius::authorize)
My authentication.conf looks like:
[PF_Radius]
description=Packetfence Radius Server
secret=testing123
port=1812
type=RADIUS
host=127.0.0.1
[PF_Radius rule Staff_radius]
description=
match=all
action0=set_role=Staff
action1=set_unreg_date=2013-08-31
condition0=username,starts,sm
I'm trying to get any username beginning with 'sm' to be given the staff role.
Cheers,
Andi
-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: [email protected]<mailto:[email protected]>
--------------------------------------
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
