My fault.. I edited the PaloAlto.pm to change how the data gets posted to the API and typo'd. :D
On Fri, Aug 1, 2014 at 8:38 AM, Tim DeNike <[email protected]> wrote: > Just upgraded to 4.3 and I'm playing around with the SSO module. Ive been > using a radius script I wrote to manage IP mapping, but I'm hoping this > will handle Mac based user->IP mappings. > > Anyways.. How do you configure it? I tried in the UI and it looks like it > adds the configs in, but it doesn't stick and the conf file on the server > never gets updated. I tried manually editing the conf file with the > parameters I figured should be there, then I just get an error where it > can't start the module. > > > Also.. For the Palo.. There are 2 ways of handling IP mappings. Using the > firewalls on-board API, or the AD modules that get installed on your AD > servers. The AD module doesn't use the key= api value. All the other > options are the same though. We found that the API would cause the > management UI to lag sometimes if there were a lot of updates being sent to > it, so we have been using the service on the AD servers. > > Might want to add a checkbox for that. :D > > Another function I didn't really see in the module was the ability to add > the AD domain on for domain authenticated users. i.e.: tim.denike in > packet fence should get mapped to MCCAD\tim.denike in the palos user-id. > Otherwise any group based firewall rules won't match my username. BUT, > other users that connect via eduroam would NOT need an AD domain added > because its only inserted into the palo for logging purposes. > > >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
