That's on the user. If they don't use the installer we provide that sets up all the certificates and trusts. Otherwise it really doesn't matter. If I went and setup a hotspot near your campus with a ssid of resnet and made the portal look the same as yours I could probably have dozens or hundreds of passwords by the end of the day.
Perfect world would be doing certificate auth but it took me long enough just to get them to think about dropping psk networks. ;) Sent from my iPhone On Aug 6, 2015, at 11:27 AM, Chris Abel <ca...@wildwoodprograms.org> wrote: We just use portal profiles because of all the security holes with 802.1x. One such example that still works especially well for mobile devices: https://www.defcon.org/images/defcon-21/dc-21-presentations/djwishbone-PuNk1nPo0p/DEFCON-21-djwishbone-PuNk1nPo0p-BYO-Disaster-Updated.pdf Hopefully your 802.1x credentials aren't the same credentials for other online services. Not sure how to accomplish what you're trying to do. Sorry. On Thu, Aug 6, 2015 at 11:16 AM, Tim DeNike <tim.den...@mcc.edu> wrote: > That's why I use different roles for 1x and portal login. I don't assign > the role to the device for portal login, just register and dynamically > assign. Then I have a rule to deny association for registered devices with > no role to the insecure ssids. Once someone connects with 1x, that device > isn't allowed on Mac auth until the next day (expire the registration). My > goal is to always keep people on 1x and only use portal for devices that > can't use 1x for some reason. > > But we don't have dorms so the situation is a little different. > > Sent from my iPhone > > On Aug 6, 2015, at 11:11 AM, Pete Hoffswell <pete.hoffsw...@davenport.edu> > wrote: > > Our regular SSID is 802.1x. There is no portal profile, if I'm not > mistaken. > > I have a portal profile for resnet, and that works fine for unregistered > devices. > > I just want registered device (such as ones that connected to the 802.1x > regular ssid first) to connect to a different vlan (resnet) when they > connect to the resnet ssid. > > I don't actually want to modify the node. Just switch it to a different > vlan. > > > > > > - > Pete Hoffswell - Network Manager > pete.hoffsw...@davenport.edu > http://www.davenport.edu > > > On Thu, Aug 6, 2015 at 10:55 AM, Chris Abel <ca...@wildwoodprograms.org> > wrote: > >> Yes, this is for auto registration. >> >> If you still want unregistered users to hit the registration page, why >> don't you add the resnet SSID to the portal profile you have for your >> regular SSID? >> >> On Thu, Aug 6, 2015 at 10:35 AM, Pete Hoffswell < >> pete.hoffsw...@davenport.edu> wrote: >> >>> Thanks, Chris! >>> >>> Does the AutoRegister automatically register the user, then? I don't >>> necessarily want that. I still want them to get stuck on a registration >>> page if they are not registered... >>> >>> - >>> Pete Hoffswell - Network Manager >>> pete.hoffsw...@davenport.edu >>> http://www.davenport.edu >>> >>> >>> On Thu, Aug 6, 2015 at 10:30 AM, Chris Abel <ca...@wildwoodprograms.org> >>> wrote: >>> >>>> Pete, I think you'll want something like this: >>>> >>>> [resnet-ssid] >>>> filter = ssid >>>> operator = is >>>> value = resnet >>>> >>>> [1:resnet-ssid] >>>> scope = AutoRegister >>>> role = resnet >>>> >>>> [2:resnet-ssid] >>>> scope = NormalVlan >>>> role = resnet >>>> action = modify_node >>>> action_param = mac = $mac, category = resnet >>>> >>>> On Thu, Aug 6, 2015 at 9:27 AM, Pete Hoffswell < >>>> pete.hoffsw...@davenport.edu> wrote: >>>> >>>>> Hi Tim. >>>>> >>>>> Yes, users could register on this SSID as well. But, a device may >>>>> have been registered on a separate SSID, and then try to connect to this >>>>> network. >>>>> >>>>> Student connects to our regular SSID, and registers. Gets a role of >>>>> "student" >>>>> Student goes to residence hall >>>>> Student connects to SSID resnet. >>>>> >>>>> This is where I want them to vlan switch to the resnet vlan. Normally >>>>> identified by role "resnet" >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> - >>>>> Pete Hoffswell - Network Manager >>>>> pete.hoffsw...@davenport.edu >>>>> http://www.davenport.edu >>>>> >>>>> >>>>> On Thu, Aug 6, 2015 at 9:14 AM, Tim DeNike <tim.den...@mcc.edu> wrote: >>>>> >>>>>> Or setup a portal profile. Do you want people to register devices on >>>>>> this ssid? >>>>>> >>>>>> Sent from my iPhone >>>>>> >>>>>> On Aug 6, 2015, at 9:12 AM, Pete Hoffswell < >>>>>> pete.hoffsw...@davenport.edu> wrote: >>>>>> >>>>>> Good morning - >>>>>> >>>>>> I have a SSID "resnet", and would like all users to be forced to vlan >>>>>> 10, no matter their role. >>>>>> >>>>>> I do have a role "resnet" that is defined in my device configurations >>>>>> to vlan 10. >>>>>> >>>>>> Would this be the correct rule for a vlan_filters.conf? >>>>>> >>>>>> >>>>>> [resnet-ssid] >>>>>> filter = ssid >>>>>> operator = is >>>>>> value = resnet >>>>>> >>>>>> [1:resnet-ssid] >>>>>> scope = NormalVlan >>>>>> role = resnet >>>>>> >>>>>> >>>>>> - >>>>>> Pete Hoffswell - Network Manager >>>>>> pete.hoffsw...@davenport.edu >>>>>> http://www.davenport.edu >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> PacketFence-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>> >>>> >>>> -- >>>> Chris Abel >>>> Systems and Network Administrator >>>> Wildwood Programs >>>> 2995 Curry Road Extension >>>> Schenectady, NY 12303 >>>> 518-836-2341 >>>> >>>> IMPORTANT NOTICE: This message and any attachments are solely for the >>>> intended recipient and may contain confidential information, which is, or >>>> may be, legally privileged or otherwise protected by law from further >>>> disclosure. If you are not the intended recipient, any disclosure, copying, >>>> use, or distribution of the information included in this email and any >>>> attachments is prohibited. If you have received this communication in >>>> error, please notify the sender by reply email and immediately and >>>> permanently delete this email and any attachments. >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >> >> >> -- >> Chris Abel >> Systems and Network Administrator >> Wildwood Programs >> 2995 Curry Road Extension >> Schenectady, NY 12303 >> 518-836-2341 >> >> IMPORTANT NOTICE: This message and any attachments are solely for the >> intended recipient and may contain confidential information, which is, or >> may be, legally privileged or otherwise protected by law from further >> disclosure. If you are not the intended recipient, any disclosure, copying, >> use, or distribution of the information included in this email and any >> attachments is prohibited. If you have received this communication in >> error, please notify the sender by reply email and immediately and >> permanently delete this email and any attachments. >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Chris Abel Systems and Network Administrator Wildwood Programs 2995 Curry Road Extension Schenectady, NY 12303 518-836-2341 IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information, which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this email and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply email and immediately and permanently delete this email and any attachments. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
