On 2018-01-25 at 04:04, E.P. wrote:
>
> One more stupid question from me, Fabrice, regarding the same subject :)
>
> How is the role assigned to the user session?
>
It's with the source's rules, like you did with the staff role.
Let's say you hit the portal, then fill in b...@options.bc.ca and use the AD
source to authenticate; then, if a rule matches, it will assign a role
and an access duration.
>
> I don’t see it in the debug output but I see it in the results of the
> pftest like I showed it before
>
> Am I supposed to see it in the RADIUS reply message or somewhere in the
> debug outputs?
>
In RADIUS you will see the VLAN ID of the staff role.
A source assigns a role and an access duration; a switch configuration
will convert the role to a VLAN ID (role tab in switch config).

> Still trying to implement the limitation of devices that the staff
> user is supposed to connect.
>
>  
>
>  
>
> And finally, when will the node become registered? As far as I
> understand it doesn’t have anything to do with a user that owns it and
> successfully authenticates using dot1x supplicant?
>
> Just wondering if we can have hosts/nodes registered after VLAN
> assignment to dot1x session?
>
Create a connection profile with a filter SSID = secure ssid and check
autoregister 802.1x, then add your AD source in the connection profile.
It will autoreg your device and assign the role that the rule of your AD
source returned.
Regards
Fabrice

>  
>
> Eugene
>
>  
>
> *From:*Durand fabrice [mailto:fdur...@inverse.ca]
> *Sent:* Friday, January 19, 2018 6:05 PM
> *To:* E.P.; packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] Number of devices to connect to the
> network
>
>  
>
> In your AD authentication source, create a rule that matches a staff
> group and assigns the staff role and an access duration. (memberof
> equal cn=staff,dc=...)
>
> Regards
>
> Fabrice
>
>  
>
> On 2018-01-17 at 01:07, E.P. wrote:
>
>     Great!
>
>     That confirms my train of thought. But it is still not clear to me
>     how will it affect the user that authenticates against AD.
>
>     Yes, I have created a new role, called “staff” and yes, I have set
>     a limit of 2 devices for this role.
>
>     Then, the end-user just connects to SSID, authenticates and gets
>     on the network. How would I assign the user to the “staff” role?
>
>     Is this where provisioners come to help ?
>
>      
>
>     Eugene
>
>      
>
>     *From:*Fabrice Durand via PacketFence-users
>     [mailto:packetfence-users@lists.sourceforge.net]
>     *Sent:* Tuesday, January 16, 2018 6:42 AM
>     *To:* packetfence-users@lists.sourceforge.net
>     <mailto:packetfence-users@lists.sourceforge.net>
>     *Cc:* Fabrice Durand
>     *Subject:* Re: [PacketFence-users] Number of devices to connect to
>     the network
>
>      
>
>     Hello Eugene,
>
>     this is exactly where you have to control that.
>
>     So just set a limit on the roles where you want to limit the
>     number of devices per users.
>
>     Regards
>
>     Fabrice
>
>      
>
>     On 2018-01-16 at 02:01, E.P. via PacketFence-users wrote:
>
>         It sounds close to the number of devices/nodes a user can
>         register which is configurable under Configuration-Policies
>         and access control-Roles, but we don’t allow this luxury to
>         anyone yet. Just regular network admission control based on
>         the active AD account
>
>          
>
>         *From:*E.P. [mailto:ype...@gmail.com]
>         *Sent:* Monday, January 15, 2018 10:54 PM
>         *To:* packetfence-users@lists.sourceforge.net
>         <mailto:packetfence-users@lists.sourceforge.net>
>         *Subject:* Number of devices to connect to the network
>
>          
>
>         Guys,
>
>         We are still at the early phases of PF deployment and only now
>         looking into AD based authentication for wireless devices
>
>         Is there any way to limit the number of user devices that can
>         be connected by one user?
>
>         Let’s say the user uses his/her laptop and roams around remote
>         sites where we provide WiFi with WPA2-Enterprise and we also
>         allow him/her use the phone (iPhone/Android). No more devices
>         to connect
>
>          
>
>         Eugene
>
>          
>
>  
>

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
