Hi Ian,
Chained source is the secret.
Create one with email source and htpasswd source
(/usr/local/pf/conf/guest.conf).
Then create this script and add it to the crontab.
#!/bin/bash
#
# Generate random guest password
#
PASSWORD=$(tr -dc a-z0-9 < /dev/urandom | head -c8)
# Add it to guest.conf (the htpasswd source)
htpasswd -b /usr/local/pf/conf/guest.conf guest "${PASSWORD}"
# Add it to a plaintext file
if [ ! -f /usr/local/pf/conf/guest.plaintext ]; then
    touch /usr/local/pf/conf/guest.plaintext
fi
echo "#Generated on $(date)" > /usr/local/pf/conf/guest.date
echo "${PASSWORD}" > /usr/local/pf/conf/guest.plaintext
# Mail the password
SUBJECT="Hi this is the guest account of the week - Yeah"
EMAIL="[email protected]"
mail -s "$SUBJECT" "$EMAIL" <<EOM
Hi Guys,
Here is the password of the week for the guest account
Username: guest
Password: ${PASSWORD}
EOM
Regards
Fabrice
On 2016-03-10 19:11, Ian MacDonald wrote:
We have PF 5.7.0 running with OpenWRT 15.05 hostapd switches configured.
Our objective is to have users register or pre-register with an email
address, and then have access in combination with a locally posted
pre-shared key. This meets our requirement of allowing free access to
any local members and disallowing any non-members that happen to be
able to get signal in the boundary of the service area. We are not
positive if this can be done with PacketFence but believe it can.
We would like some help to figure out the pre-shared key part.
Details follow; any help appreciated.
cheers,
Ian
Dynamic VLAN switching and email registration are working with the
default captive portal profile. Users are redirected after the
dynamic VLAN change and have access. We learned a lot along the way.
The next step is to add the concept of a pre-shared key. This allows
us to limit access to only people that can see the posted 'pre-shared
key'.
Some ideas we have, that we would like some help with how to start are:
1) Somehow change the registration process to actually call a script
that creates a new user in an LDAP directory/flat file or other place
that can be used as an internal source with the login page. We could
hard code everyone's cleartext password to the pre-shared key -
either in the source itself, or using a radius filter of some kind.
On the login page after registration, they could use their
email+preshared key to gain access.
2) Somehow trick PacketFence and hostapd into working like they are
doing wpa2 for dynamic VLANs but in fact set a psk2 shared key on the
SSID. In this model we use secure SSIDs and PacketFence only needs to
verify the email and let the AP handle the pre-shared key. We tried
this and the radius stuff just stops working altogether once hostapd
is configured for psk2, so we are not optimistic that we can use PSK2
with the captive portal and radius dynamic vlans.
In both cases the guest access would be time limited or restrictive,
as outlined in the registration email so that the user would know to
use the login page with pre-shared key when they return.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
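
A hardened take on the rotation script from the reply above, added here as an example and not part of the original thread: it keeps the password off the htpasswd command line and writes the plaintext copy atomically with owner-only permissions. The function names, the `--rotate` argument and the `CONF_DIR` override are assumptions, as is an `htpasswd` that supports `-i` (Apache httpd 2.4 or later).

```shell
#!/bin/bash
# Added example: hardened variant of the weekly guest-password rotation.
# CONF_DIR defaults to the path used in the thread; override it for testing.
CONF_DIR="${CONF_DIR:-/usr/local/pf/conf}"

# Print a random password of $1 characters (default 8) drawn from a-z0-9.
gen_password() {
    local len="${1:-8}" pw
    # Read a bounded block of random bytes and keep only a-z0-9. Dropping the
    # other bytes (rather than mapping them) keeps the characters uniform.
    # LC_ALL=C makes tr treat the input as raw bytes, not multibyte text.
    pw=$(head -c 512 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c "$len")
    # Fail instead of installing a shorter (weaker) password than requested.
    [ "${#pw}" -eq "$len" ] || return 1
    printf '%s\n' "$pw"
}

# Write value $2 to file $1 atomically, readable by the owner only.
write_secret() {
    local target="$1" value="$2" tmp
    # mktemp creates the file with mode 0600; mv keeps that mode and replaces
    # the old file in one step, so readers never see a half-written password.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    printf '%s\n' "$value" > "$tmp" && mv -f "$tmp" "$target"
}

rotate_guest() {
    local pw
    pw=$(gen_password 8) || return 1
    # -i reads the password from stdin, so it never shows up in the process
    # list the way it does with "htpasswd -b file user password".
    printf '%s\n' "$pw" | htpasswd -i "$CONF_DIR/guest.conf" guest || return 1
    write_secret "$CONF_DIR/guest.plaintext" "$pw"
}

# Rotate only when asked, e.g. from cron: rotate_guest.sh --rotate
if [ "${1:-}" = "--rotate" ]; then
    rotate_guest
fi
```

Mailing the password, as the original script does, still sends it in cleartext; that step is left out here.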